
Genetic Algorithm-based System Call Anomaly Detection Model

Posted on: 2010-05-18
Degree: Master
Type: Thesis
Country: China
Candidate: Z L Zhang
GTID: 2208360278479036
Subject: Computer application technology

Abstract/Summary:
This project is based on "Network Camouflaging Cooperative Security Model Research", which is supported by the National Natural Science Foundation.

The Intrusion Detection System (IDS) was invented to solve this problem. It is a mixture of digital processing, auditing, pattern matching and statistics. By analyzing audit data or network packets, it can find attacks on computers and networks. In the field of intrusion detection, anomaly detection is an important branch. It first summarizes the actions of a program and creates a profile, and then monitors the program. If the subsequent actions do not match the profile, an attack may be under way. The study of anomaly-based intrusion detection is very important because it can detect unknown attack behavior, and it has now become a focus of security specialists.

But the adaptability of traditional anomaly detection is very poor: if the user's behavior changes, the system may raise an alarm, which increases the false alarm rate. The user's key operations are carried out via system calls, which cross from user to kernel, so the user's actions can be known from the system call sequence. System calls are therefore a very efficient input to an anomaly detection system, and anomalies can be detected from system call sequences. Anomaly detection based on system calls is now a very important part of host-based anomaly detection.

Aiming at the problems of intrusion detection technology, especially the low detection rate and the high false alarm rate and false negative rate for undefined intrusion behavior, we have applied the genetic algorithm, which has self-learning, adaptability and self-organization, to intrusion detection. Because of the characteristics of the genetic algorithm, the characteristic patterns better represent the behavior of the application; at the same time, the size of the pattern set is reduced, detection speed and detection rate are improved, and the false alarm rate and false negative rate are reduced.

This paper presents a new method based on the genetic algorithm and TIDE (Time-Delay Embedding). Starting from the basic short sequences of system calls created by the TIDE algorithm, we learn short sequences of system calls with the genetic algorithm and detect test data with a single-mode incomplete matching method. The main study content covers several questions. First, how to apply the genetic algorithm to anomaly-based intrusion detection. Second, which genetic operators, parameters and detection algorithm to choose. Third, how to implement a prototype anomaly-based intrusion detection system. Last, how to compare the results of the genetic algorithm with those of other algorithms. The experimental results show that the method achieves high detection performance and succeeds in combining the IDS and the genetic algorithm in IDS technology. Although the application of the GA in the IDS, which gives the IDS intelligence, is in fact still in an experimental phase, there are many aspects of the IDS still to be studied in the future.
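The short-sequence step described in the abstract, as an added example that is not code from the thesis: a sliding window of length k builds the pattern set from normal traces, and a test trace is scored by the fraction of its windows missing from that set. The exact-match scoring, the window length and the sample traces are assumptions made here; the thesis's genetic algorithm learning and its matching method are not reproduced.

```python
from typing import Iterable, List, Sequence, Set, Tuple

Window = Tuple[str, ...]


def windows(trace: Sequence[str], k: int) -> List[Window]:
    """Slide a length-k window over one system call trace."""
    return [tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)]


def build_profile(normal_traces: Iterable[Sequence[str]], k: int) -> Set[Window]:
    """Pattern set: every distinct length-k sequence seen in normal runs."""
    profile: Set[Window] = set()
    for trace in normal_traces:
        profile.update(windows(trace, k))
    return profile


def mismatches(trace: Sequence[str], profile: Set[Window], k: int) -> List[Tuple[int, Window]]:
    """Windows of the test trace (with their offsets) absent from the profile."""
    return [(i, w) for i, w in enumerate(windows(trace, k)) if w not in profile]


def anomaly_rate(trace: Sequence[str], profile: Set[Window], k: int) -> float:
    """Fraction of windows not in the profile; 0.0 if the trace is shorter than k."""
    total = len(windows(trace, k))
    return len(mismatches(trace, profile, k)) / total if total else 0.0


# Constructed sample traces (not taken from the thesis or any real audit log).
K = 3  # assumed window length
NORMAL = [
    ["open", "read", "mmap", "mmap", "open", "read", "close"],
    ["open", "read", "mmap", "close"],
]
SUSPECT = ["open", "read", "mmap", "execve", "socket", "connect", "close"]
# Legitimate behaviour that was simply never seen in training: it is flagged
# too, which is the false-alarm problem the abstract attributes to rigid profiles.
BENIGN_VARIANT = ["open", "read", "read", "close"]
PROFILE = build_profile(NORMAL, K)

if __name__ == "__main__":
    for name, trace in [("normal", NORMAL[1]), ("suspect", SUSPECT),
                        ("benign variant", BENIGN_VARIANT)]:
        print(f"{name}: rate={anomaly_rate(trace, PROFILE, K):.2f}")
        for offset, window in mismatches(trace, PROFILE, K):
            print(f"  offset {offset}: {' '.join(window)}")
```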
Keywords/Search Tags: genetic algorithm, short sequence of system calls, pattern set, network security