Research On The Network Abnormal Behavior Detection Based On The Classifier Fusion

With the rapid development and the popularity of the Internet, all kinds of networkintrusion behavior appears more and more increasingly. In order to effectively curb thenetwork intrusion behavior, in the1980s, the network intrusion detection system was putforward. Intrusion detection system is the important content of the network security defensesystem, it built network anomaly detection model through all kinds of machine learningmethods, put the current network data that was collected into the model to deal with, andfound the anomaly and warned. So far, in order to protect the network security, statisticalanalysis method, artificial neural network method, the data mining method, fuzzymathematics theory and so on were proposed to apply to network anomaly intrusion. However,it is hard for single security measure to attain good detection result, and it limit the applicationof intrusion detection system in practice. So, this paper applies the improved D-S evidencetheory and SVM classifier to network anomaly behavior detection model.First of all, basing on the theory of intrusion detection, this paper reviews the basicintrusion detection’s concepts, development, functions, sorts and commonly detection models.Then the paper describes the principle of support vector machine and data fusion technology.The support vector machine used structural risk minimum (SRM), and can solvehigh-dimensional and small sample well, it is a good classification and prediction algorithmon intrusion detection.Then, according to the evidence combination problem of highly conflict evidences andhigh false positive rate, the paper applied an improved D-S evidence theory method to applyto network anomaly behavior detection, and built an intrusion detection model with SVMbased on data set’s attribute features. Simulation experiment used Lincoln laboratory’s dataset, and achieved the fusion of different detection results based on classification of SVM, andcompared the fusion results before and after, the proposed model can effectively improve thedetection rate and improve the overall detection performance.Finally, according to the poor detection performance in the previous detection technology,and basing on SVM and the improved D-S evidence theory, this paper proposed a newintrusion detection method based on SVM algorithm and improved D-S evidence theory. Thisresearch apply a Regression Method Based on the Support Vectors for classifier fusion toNetwork abnormal behavior analysis, and uses depth first search to find the best parametersfor SVM, and builds a model with D-S evidence theory. The experiment has proved that thismethod can effectively improve the detection performance and reduce false positive rate.