| Network intrusion, as the biggest safety problem, has been one of key research items.However, detection data is so huge that the efficiency of intrusion detection system is affected.Due to the limitation of the processing speed, the existing IDS can not cope with high speed flow.Therefore, it has been an emergency requirement that a method to improve IDS data processing speed.In order to solve the problem above, the main content of the paper are as follows:1. The current situation of network actuality and network users’ preferences are analyzed.On the basis of the reviews of the state of art of network IDS, the disadvantages of IDS are summarized.Data sampling was used to solve those problems in some texts.2. Sampling strategy based-on zero-sum game which is used to detect the data package for intrusion is introduced.According to the limitations and shortfalls of the above model, the theory of risk management is used to optimize the model, and invasion probability T is introduced to make the model more efficient.3. Provide risk measurement model and risk pricing model in sampling strategy. These models are used to quantify the risk of data package, so as to estimate the risk of every network node more accurately.4. Sampling strategy based-on portfolio investments is developed to solve more complex cases, and convex programming is used to prove the existence of the optimal solution.Moreover, probability statistics and nonlinear programming algorithm are used to figure out the optimal solution of above models.5. Netlogo is used to test the validity of sampling strategy models provided in this paper, by comparison with OPNET, NS and Matlab. False detecting rate and missed detection rate, which are two important indexs in intrusion detection system are used as test index in simulation. In contrast to random sampling strategy, simulations show the superiority the models provided in this paper. |
PDF Full Text Request