| Nowadays, more and more applications based on the Internet occur because of thedevelopment of computer hardware and software at high speed, thus, the network securityis facing severe challenges. Internet security incidents frequently occur; therefore, theinformation security has been raised to national strategic level. According to networksecurity rules of grade iii in information safety grade protection which stipulates that theremust deploy intrusion detection system in the network system. In addition, the intrusiondetection technology has long been concerned by business and academia and gets fruitfulresearch achievements. However, in the terms of intrusion detection, there still exist variousproblems as attacks can’t full coverage, high rate of false alarm, models training takes along time etc. thus, the network intrusion detection still is a valuable problem to research.Aiming at the problem of high rate of false alarm in the intrusion detection system, theintrusion detection problem is treated as a classification problem. Analyzing the relatedtheory of support vector machine (SVM), because of the support vector machine (SVM)’sadvantages of dependence on sample, kernel function, feature dimension factors not strong,thus, using the support vector machine (SVM) to the intrusion detection.Aiming the problem of training model needs too long time, the solution was proposed.Innovation of this paper lies in: through a series of earlier experiments, a conclusion of the initiationparticle distribution effects the classifier performance is obtained, based on the conclusion,the areafiltering particle swarm optimization algorithm(AFPSO) is proposed. AFPSO is used in the parameteroptimization of support vector machines (SVM), on one hand, to improve the accuracy of the trainingmodel, on the other hand to reduce the training time of training model. Time complexity analysis is madefor this proposed algorithm. Aiming at the problems such as the number of optimization regionalsegmentation and optimization step length, we study and propose the solutions. Design a new intrusiondetection model and join a web attack recognition module, to make the identified web attack packetscannot enter the classifier, further reduce the interference of external factors and improve the efficiencyof attack recognition.Selecting RBF kernel function as the kernel function of support vector machines (SVM) and analyzing the influence’s parameters of support vector machine (SVM) C and,using particle swarm optimization algorithm to search the global optimal C and,according to the experiment contrast,we find the particle swarm optimization algorithm’ssensitivity to the initial particle distribution, and the initial particle distribution is moreuniform, the particle optimization can be more fully. Putting forward a filtering techniquebased on area of the particle swarm optimization algorithm which can reduce training timeof the model derived from the problem of index in database system.Aimed at the characteristics of the data packets, this article analyzes the head ofpackets of IP, TCP data packet, and UDP data packet etc. common packets. For theshortages as lack of Web security filtering and the packet throughput of energy on mostcurrent intrusion detection systems, this article makes suspicious Web attack data cannotenter the model of support vector machine (SVM), thus, saves the response time.Designing a basic framework of intrusion detection system, aiming at compatibility ofthe current security products is not strong, while, this system uses the attack truncationtechnology and alarm mechanism which are similar to the IPS, but they also havedifference.Conducting some intrusion detection simulation experiment to verify the effects ofarea filter particle swarm optimization algorithm for support vector machine (SVM), andthe experimental results show that when applying the technology into the model,comparewith the traditional classifier, the classifier of this paper can improve the accuracy ofclassification about2%to5%. |
PDF Full Text Request