
Study of Intrusion Detection System Based on MCP

Posted on: 2014-01-17
Degree: Master
Type: Thesis
Country: China
Candidate: Y F Le
Full Text: PDF
GTID: 2248330395983397
Subject: Computer application technology
Abstract/Summary:
With the growing popularity of computers and the development of Internet technology, network security incidents occur frequently, cause great harm, and take diverse forms. As a proactive protection technology, intrusion detection increasingly attracts the attention of network security personnel. However, existing intrusion detection methods have their own defects and deficiencies. For example, expert systems based on misuse detection, which rely on feature matching, are often inadequate against new intrusions that have never occurred before. Intelligent methods based on anomaly detection, such as data mining, can detect new intrusions, but they must analyze data that is vast in volume and has high-dimensional feature attributes, so the algorithm often needs a long time to classify the training data and learn rules, and the resulting intrusion rules are often more complex. This paper completes the following work:

(1) After studying the Multiple Criteria Programming (MCP) algorithm, we propose the Multiple Criteria Quadratic Programming (MCQP) algorithm, which combines the basic ideas of MCP and the Support Vector Machine (SVM). The experiments show that the algorithm uses equality constraints to solve the optimization problem for the objective function, so solving the problem needs only a matrix calculation, which avoids the iterative solution of inequality constraints and reduces the classifier's training time. At the same time, the MCQP algorithm takes less time to test data than the SVM algorithm. Additionally, taking into account the non-linear characteristics of network data, we obtain the Kernel MCQP algorithm by adding the concept of a kernel function. At the cost of increased algorithmic complexity, the Kernel MCQP algorithm improves classification accuracy. Meanwhile, the test time of the MCQP algorithm is also lower.

(2) Building on the Common Intrusion Detection Framework and adding the Kernel MCQP algorithm and an expert discrimination module to the system, we propose an MCP-based intrusion detection framework that modifies the core modules for data pre-processing, classification and rule learning. With the MCQP algorithm, the model speeds up classifier training and data testing, which effectively improves the system's classifier training and real-time performance. With the Kernel MCQP algorithm, the model trades time for higher accuracy and a lower false alarm rate, and it can be used where higher accuracy is required. Meanwhile, the expert discrimination module effectively reduces the system's false alarm rate.

(3) Finally, to verify the feasibility and effectiveness of the system, we conduct experiments using the KDDCUP'99 database, which is the benchmark in the field of intrusion detection evaluation.
Keywords/Search Tags: Intrusion Detection, Network Security, Multiple Criteria Programming, Multiple Criteria Quadratic Programming