The Research Of Network Intrusion Detection Based On Traffic Matrix

Posted on: 2015-12-07
Degree: Master
Type: Thesis
Country: China
Candidate: X G Wang
Full Text: PDF
GTID: 2298330434960862
Subject: Computer application technology
Abstract/Summary:
Intrusion detection is a real-time defensive technology that follows traditional protective measures such as firewalls and data encryption. How effectively intrusion detection systems can detect the anomalies that exist on the Internet, and how correctly they can distinguish the types of network anomalies to ensure the normal operation of the Internet, has become an important research topic in the field of network security.

Network anomalies are sudden, unpredictable and complex. Anomaly events usually cause changes in feature attributes, and accordingly changes in the feature attributes usually indicate anomaly events. As an important form of Internet operation and management, network flows contain information on the source and destination IP addresses, source and destination ports, network service protocol and other features. As an important organizational form of network flows, the traffic matrix usually contains approximately periodic normal components, abnormal components and noise components. Processing and detecting each kind of component effectively is therefore key in the study of IDS for network anomaly detection and classification. This paper arranges the network traffic between source and destination nodes in matrix form as an important input of the IDS.

Building a good network intrusion detection model helps to analyze network traffic, improve the detection rate of the intrusion detection system and reduce the false positive rate. On the basis of research into traditional intrusion detection methods and principles, this paper designs a new intrusion detection model based on the network traffic matrix, which takes the network traffic matrix as the object of analysis. The model includes modules for traffic data collection, raw traffic preprocessing, traffic anomaly detection and traffic anomaly classification. To achieve exceptionally accurate network anomaly alarms and classification, this paper uses an anomaly detection algorithm based on PGM-NMF in the traffic anomaly detection module and an anomaly classification algorithm based on cluster analysis in the traffic anomaly classification module.

Based on the above model design, this paper also presents the design process of an IDS based on the traffic matrix. Preprocessing the original network traffic data with an entropy algorithm yields an entropy-based traffic matrix. A proposed network traffic anomaly detection algorithm based on PGM-NMF builds the normal subspace of the entropy-based traffic matrix, and anomalies are identified from the reconstruction error using the Q-statistic. To further determine the types of network anomalies, we propose a network anomaly classification algorithm based on cluster analysis. To determine the types of anomalies accurately, this algorithm matches the results of the cluster analysis of network anomalies against a database of anomaly feature patterns. Finally, simulation experiments verify the anomaly detection and classification performance. Compared with traditional intrusion detection schemes, the designed network intrusion detection model based on the traffic matrix has certain advantages.
Keywords/Search Tags:Traffic Matrix, Entropy, PGM-NMF Algorithm, Anomaly Detection, Anomaly Classification
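
The detection stage described in the abstract (entropy-based traffic matrix, NMF normal subspace, reconstruction-error test), as an added example that is not code from the thesis. It assumes PGM-NMF means NMF fitted by projected gradient descent, uses a mean-plus-three-sigma limit on the residual as a stand-in for the Q-statistic threshold, and runs on constructed flows; all function names are hypothetical.

```python
import math
from collections import Counter
from statistics import mean, pstdev

def entropy(values):
    """Shannon entropy (bits) of the empirical distribution of values."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def entropy_matrix(bins):
    """One row per time bin: entropy of srcIP, dstIP, dstPort over its flows."""
    return [[entropy([f[j] for f in flows]) for j in range(3)] for flows in bins]

def matmul(A, B):
    return [[sum(a * b for a, b in zip(row, col)) for col in zip(*B)] for row in A]

def pg_nmf(X, k=1, H=None, iters=3000, lr=0.01):
    """Projected-gradient NMF X ~ W.H with W, H >= 0; a given H stays fixed."""
    fit_h = H is None
    W = [[1.0 + 0.1 * ((i + r) % 3) for r in range(k)] for i in range(len(X))]
    if fit_h:
        H = [[1.0 + 0.1 * ((r + j) % 3) for j in range(len(X[0]))] for r in range(k)]
    for _ in range(iters):
        R = [[p - x for p, x in zip(pr, xr)] for pr, xr in zip(matmul(W, H), X)]
        gW = matmul(R, [list(c) for c in zip(*H)])   # gradient wrt W: R . H^T
        gH = matmul([list(c) for c in zip(*W)], R)   # gradient wrt H: W^T . R
        W = [[max(0.0, w - lr * g) for w, g in zip(wr, gr)] for wr, gr in zip(W, gW)]
        if fit_h:
            H = [[max(0.0, h - lr * g) for h, g in zip(hr, gr)] for hr, gr in zip(H, gH)]
    return W, H

def residuals(X, H):
    """Squared reconstruction error of each row against the normal subspace H."""
    W, _ = pg_nmf(X, k=len(H), H=H)
    return [sum((x - p) ** 2 for x, p in zip(xr, pr)) for xr, pr in zip(X, matmul(W, H))]

def detect(train_bins, test_bins):
    """Fit the normal subspace on train_bins, flag test bins over the limit."""
    H = pg_nmf(entropy_matrix(train_bins))[1]
    base = residuals(entropy_matrix(train_bins), H)
    limit = mean(base) + 3 * pstdev(base)   # assumed stand-in for the Q-statistic limit
    return [e > limit for e in residuals(entropy_matrix(test_bins), H)]

# Constructed flows (src, dst, dport): 8 normal bins, then a one-to-one port scan.
NORMAL = [[(f"10.0.0.{i % (3 + t % 2)}", f"10.0.1.{i % 4}", (80, 443, 53, 22)[(i + t) % 4])
           for i in range(16)] for t in range(8)]
SCAN = [("10.0.0.9", "10.0.1.1", 1000 + i) for i in range(16)]
```

Calling `detect(NORMAL, NORMAL + [SCAN])` flags only the final bin: the scan collapses source and destination entropy to zero while port entropy rises to 4 bits, a row the rank-1 normal subspace cannot reconstruct.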