
The Research On Intrusion Detection System Based On Machine Learning

Posted on: 2012-02-26
Degree: Master
Type: Thesis
Country: China
Candidate: H Y Huang
GTID: 2218330338994923
Subject: Computer application technology
Abstract/Summary:
With the rapid development of computers and the Internet, network security has become more and more important. Intrusion detection systems, which can discover each kind of intrusion behavior rapidly and effectively, have become an active research topic in the field of network security. As a newer protection method that follows traditional security methods, intrusion detection tries to identify ongoing intrusion behavior using related techniques in order to improve the safety of the target system. Most existing intrusion detection systems have many shortcomings: they are time-consuming, their detection accuracy is low, and their false positive and false negative rates are too high. Intrusion detection based on machine learning has been a hot topic in network security research. By extracting information from training data, it establishes a detection model that distinguishes the normal state from the intrusion state. However, some problems remain unresolved, such as the difficulty of obtaining a large amount of attack data for the classifier model, and the fact that labeling training samples is time-consuming and relies heavily on domain experts. As a machine learning method based on statistical theory, the Support Vector Machine (SVM) is a good solution to practical problems such as small-sample learning, nonlinearity, over-learning, and high dimensionality. Therefore, applying SVM to intrusion detection can overcome the common defects of intrusion detection methods and achieve good detection performance.
Because the network protocols of data packets are highly regular, a new intrusion detection method is proposed to improve efficiency: the protocol analysis technique is combined with a clustering support vector machine. The method can filter out illegal data efficiently and reduce the sample training time; with the clustering algorithm it further reduces the sample training time and detection time and improves the efficiency of the algorithm. Finally, the thesis designs a novel intrusion detection model and uses the KDDCUP99 data to test its performance. The simulation results show that the method is effective and feasible, lowering the false detection rate and improving efficiency. This work therefore serves as a reference for the field of machine learning and intrusion detection systems.
Keywords/Search Tags:intrusion detection, protocol analysis, clustering, support vector machine