Research On Probabilistic Models Based Network Intrusion Detection Techniques

As a new generation of network information security technology, and after several yearsof development, intrusion detection has been popular. While it still needs further researchabout how to improve the effectiveness of the detection algorithm and further reduce the falsealarm rate and false negative rate. At present, it is an important research direction to applymethods of pattern recognition in intrusion detection; and, considering the randomness ofintrusion detection’s data, probability model is more in line with the problem.Considering the randomness and imbalance of intrusion detection data, the thesis appliedthe support vector data description model and its improvement, Bayesian data descriptionmodel in intrusion detection problem. And the principal component analysis technique wasapplied to make the variances of the data to be equal, so it will be more consistent with themodel’s hypotheses, and achieve improvement of the model. The main content is as below:(1) Considering the imbalance of intrusion detection data, the support vector datadescription model was applied in intrusion detection problem, which is a one-class model;and considering the randomness of intrusion detection data, and the association of the dataitem before and after, the thesis studied the Bayesian data description model, which isimproved from the support vector data description model by Bayesian parameter estimationtechnique. From the experimental results we get that, the two models’ detection rates havereached to80%, which indicate the feasibility of applying the two models in intrusiondetection problem; and, the Bayesian data description model performed more stable than thesupport vector data description model, which prove the superiority of applying probabilisticmodels in intrusion detection problem.(2) Because above two models are both based on hyper sphere hypotheses, the principalcomponent analysis technique was applied to make the variances of the data in each directionto be equal, and make the data with a hyper sphere distribution, so it will be more consistentwith the model’s hypotheses, and achieve improvement of the model. At the same time, whendetermining the final classification threshold, and considering the case of existing fewnegative samples, support vector machine was applied to train it, so as to eliminate subjectivity of original test method. Based on above two aspects, the improved probabilisticmodel was achieved.(3) To test the thesis improved model’s effect when applied in intrusion detectionproblem, the experiments was designed based on Standard intrusion detection data set. Fromthe experimental results we get the conclusion that, with the improvement of principalcomponent analysis technique, the average detection rate reach to87.46%, with almost10%improvement. And also, compared the achieved improved probability model with othertraditional models, the detect result is better than some two-class models. From the aboveresult we get the conclusion that, it has a good effect to apply the improved model inintrusion detection problem, the intrusion detection rate has greatly improved.