Intrusion Detection Research Based On Support Vector Machine And Fusion

In recent years, with broad and deep penetration of information and network technology to the commercial, financial, military, scientific research, education, and people in all areas of daily life, attacked more and more of computer network system, computer network security has become the focus of increasing attention. Intrusion detection as a new network security technologies, it can search and find the information on the key nodes which are in the network. At present, domestic and foreign scholars have developed a variety of detection methods, mainly including Bayesian classification, data mining, expert systems, neural networks, artificial immune systems, Petri nets, Markov chains, autonomous Agent, support vector machines (SVM). But an unavoidable reality is that it has not developed a real sense to put into practical operation of the intrusion detection system so far. The main reason is that, unlike other destructive behavior (for example: computer virus) , it is different from the invasion means diversity, complexity and intelligent features, and the current intrusion detection methods are proposed for some or only certain types of intrusion are effective, but for others there is considerable intrusion detection problem, leading to high false negative rate and false alarm rate. So, how to effectively detect intrusions, is the focal point and difficult point in the network intrusion detection at the present stage. As fusion technology applied to network anomaly detection to make up for the shortcomings of traditional anomaly detection system, so this paper will examine multiple-sensor data fusion-based network intrusion detection technology, research based on the classic respectively D-S, and improved D-S evidence theory fusion decision algorithm for intrusion detection method.First of all, this paper provides an overview of intrusion detection of fundamental concepts, models, general classification, commonly used processes, roles and necessities, detection methods and trends.Then I will expounded the theory of machine learning, support vector machine theory and data fusion techniques.Then, with combination of D-S evidence theory, I proposed a method of anomaly detection based on SVM fusion witch can effectively compensate for individual SVM detection limitations.Next, on the issues that classic D-S evidence fusion algorithms will get not reasonable results when it serious encounter conflict, which leads to high rate of false positives and false negatives rate, i proposed an improved D-S algorithm, and introduced it to anomaly detection. Verify through experiments, a description of the algorithm can effectively improve the efficiency of fusion, thereby improving detection performance.Finally, on the issues that the training time for SVM is too long and sample collection sets take up too much storage space, so I proposed a new intrusion detection method which based on attribute reduction and parameter optimization of SVM .I used rough set theory to characterize and reduction the sample collection sets which can delete no effect on the properties of intrusion detection, while I also used an improved grid search algorithm to optimize the parameters of SVM, so as to solve the SVM training for a long time and storage space problems. I made some experiments by KDD99 data sets , and the results shows that the method is a effective method of intrusion detection. Because it not only accelerates the speed of training for SVM but also improves the accuracy of intrusion detection.