
Research Of Intrusion Detection Based On Multiple Classifiers

Posted on: 2015-11-23
Degree: Master
Type: Thesis
Country: China
Candidate: Y X Cao
GTID: 2298330467963456
Subject: Information security

Abstract/Summary:
With the rapid development and extensive application of network technology, network security issues attract more and more attention. How to identify existing attacks and the growing number of new attacks accurately and effectively is the major problem faced by intrusion detection systems. Compared with traditional intrusion detection technology, pattern recognition methods with good reasoning ability can identify unknown intrusions that have not been described. Traditional pattern recognition systems tend to use only one classifier, so that classifier is required to achieve good classification performance on all samples. But a single simple classifier can hardly meet this requirement. Therefore, this paper considers the combination of multiple classifiers to improve the detection performance of intrusion detection systems, which is currently a hot research field in pattern recognition. The work of this paper includes:

First, this paper presents a multi-classifier selection algorithm based on accuracy and diversity measure (Based on Accuracy and Diversity Measure, BADM). This algorithm selects the subset of classifiers that has high classification accuracy and a large diversity measure. The experimental results on the KDD CUP99 data set show that the proposed algorithm achieves good detection results. The overall accuracy rate is better than that of direct integration by 0.3 percentage points, and most importantly the result is higher than that of the KDD CUP99 winners.

Second, the KDD CUP99 data set used in our experiments is a benchmark in the field of intrusion detection research. The data set is introduced in detail and then preprocessed. The main steps include quantization of symbolic feature values, normalization and feature selection. After comparing different search methods used to select the feature subset, the experiments showed that the feature selection method based on a genetic algorithm has the best performance. Finally, we chose the genetic algorithm to preprocess the data set and obtained the training and test sets.

Third, this paper improved the widely used Snort with the proposed BADM algorithm. The system based on the combination of multiple classifiers and Snort is described in detail, including the overall architecture of the system, the function of each module and the implementation methods.

Fourth, this paper built a linkage system of firewall and intrusion detection technologies using the open source Snort intrusion detection system and the Linux Netfilter/Iptables firewall. Tests on this system show that it can withstand basic attacks and has a dynamic defense capability. We therefore conclude that the design of this system can satisfy the needs of SMEs for network security defense, and that building this network security defense system has a positive meaning.

Keywords/Search Tags:intrusion detection, multiple classifiers combination, feature selection, diversity measure, snort, firewall