
Network Intrusion Anomaly Detection And Identification Research

Posted on: 2013-04-09
Degree: Master
Type: Thesis
Country: China
Candidate: C J Guo
GTID: 2248330374964241
Subject: Computer application technology
Abstract/Summary:
With the popularity of the Internet, information security issues have become increasingly prominent. Intrusion detection can discover violations of security policy by collecting information from systems and networks. As a complement to the firewall, intrusion detection can better compensate for the defects of traditional protection mechanisms. But because intrusion methods are ever-changing, intrusion detection suffers from high false positives, and it is difficult to identify unknown intrusions with traditional signatures.

To solve the above problem, the study adopts the anomaly detection model. This paper introduces the Transduction Scheme Network Anomaly Detection Method for intrusion detection, and then builds a discriminant classifier for intrusion patterns using case-based reasoning, thus providing a reliable information basis for intrusion response. The main work is as follows:

First of all, because the anomaly detection model has high false positives and is difficult to model, we introduce the Transduction Scheme Network Anomaly Detection Method. But it is not effective at detecting anomalies that do not have obvious characteristics. To address this problem, this paper introduces rough set theory to improve it. This improves the detection efficiency for some types of anomalies.

Secondly, for the pattern recognition and classification of intrusions, we introduce case-based reasoning theory. This paper puts forward a case retrieval strategy and case reuse and correction methods for network intrusion identification. The algorithm takes advantage of the self-learning ability of case-based reasoning to solve the problem of classifying and identifying the current intrusion by using existing intrusion information.

Finally, because the case library continues to expand, this paper proposes a case library reduction method based on a genetic algorithm. The method gives the case base a smaller scale and a high correct rate of case-based reasoning for intrusion identification and classification. The above work was tested on the KDD Cup 1999 data set, and the experimental results demonstrate the effectiveness of the method.
Keywords/Search Tags: Intrusion detection, Intrusion identification, Case-based reasoning, Rough set, Genetic algorithm