
Normal Profile Clustering-based Adaptive Anomaly Detection Research

Posted on: 2010-03-31
Degree: Master
Type: Thesis
Country: China
Candidate: B Li
GTID: 2208360278969476
Subject: Computer application technology
Abstract/Summary:
As a dynamic security technology, intrusion detection provides real-time protection against internal and external attacks as well as misoperation, intercepting and responding to intrusive behaviors before attacks do any harm to the network. At present, anomaly detection research has put forward a batch of detection technologies for the security field, but many problems remain to be solved.

This thesis adopts the idea of anomaly detection, selects a clustering algorithm, and presents an adaptive anomaly detection model based on clustering of normal profiles. Based on that model, a hybrid intrusion detection system is realized. The main contents of the thesis are as follows:

1. Analyzes the research methodology of anomaly detection technologies in detail, describes the normal profile in anomaly detection technologies, and sums up the processes of adaptive intrusion detection. It also analyzes and compares applications of clustering algorithms in intrusion detection.

2. Proposes an adaptive anomaly detection model based on a normal profile built by clustering. The model selects normal data records to establish a normal profile through the k-means clustering algorithm, detects network data records according to the normal profile, and updates the normal profile with the records detected as normal. Experiments with the KDD Cup 99 dataset indicate that the detection system can adapt to data change trends and that the detection rate improves, while maintaining a very low rate of false alarms.

3. Realizes a hybrid intrusion detection system that incorporates the advantages of both misuse detection and anomaly detection. The experiment showed that the detection rate reaches 84.37%, while the false alarm rate is 1.16%. The system has better adaptability.
Keywords/Search Tags: intrusion detection system, anomaly detection, normal profile, clustering
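
The build, detect and update loop described in item 2, as an added sketch that is not code from the thesis. The fixed distance threshold (radius), the moving-average update rule (rate), and the two-feature sample records are assumptions made for illustration; the abstract does not specify them.

```python
import math

def nearest(record, centroids):
    """Return (index, distance) of the centroid closest to record."""
    dists = [math.dist(record, c) for c in centroids]
    i = min(range(len(dists)), key=dists.__getitem__)
    return i, dists[i]

def kmeans(points, k, iters=20):
    """Lloyd's k-means; deterministic init from evenly spaced input points."""
    step = len(points) // k
    centroids = [tuple(points[i * step]) for i in range(k)]
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for p in points:
            groups[nearest(p, centroids)[0]].append(p)
        # An empty cluster keeps its previous centroid.
        centroids = [tuple(sum(col) / len(g) for col in zip(*g)) if g else centroids[i]
                     for i, g in enumerate(groups)]
    return centroids

class NormalProfile:
    def __init__(self, normal_records, k, radius, rate=0.5):
        self.centroids = kmeans(normal_records, k)  # profile built from normal data only
        self.radius = radius  # assumed threshold: farther than this from every centroid = anomaly
        self.rate = rate      # assumed update rule: exponential moving average

    def detect(self, record, adapt=True):
        i, d = nearest(record, self.centroids)
        if d > self.radius:
            return "anomaly"          # anomalies never update the profile
        if adapt:                     # fold the accepted record back into the profile
            self.centroids[i] = tuple(c + self.rate * (x - c)
                                      for c, x in zip(self.centroids[i], record))
        return "normal"

# Constructed sample data (not KDD Cup 99): two groups of normal records.
TRAIN = [(-1.0, 0.0), (1.0, 0.0), (0.0, -1.0), (0.0, 1.0),
         (9.0, 10.0), (11.0, 10.0), (10.0, 9.0), (10.0, 11.0)]
# Constructed stream: legitimate traffic drifting away from the first group.
DRIFT = [(0.5 * t, 0.0) for t in range(1, 13)]

if __name__ == "__main__":
    static, adaptive = NormalProfile(TRAIN, 2, 2.0), NormalProfile(TRAIN, 2, 2.0)
    print("static false alarms:", [static.detect(r, adapt=False) for r in DRIFT].count("anomaly"))
    print("adaptive false alarms:", [adaptive.detect(r) for r in DRIFT].count("anomaly"))
    print("outlier:", adaptive.detect((5.0, 20.0)))
```

On the drifting stream the frozen profile raises false alarms once records move past the threshold, while the updated profile follows the drift and still flags the distant record. Records wrongly accepted as normal also move the centroids, so the threshold and update rate bound how far one detection error can shift the profile.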