| Machine learning-based anomaly detection approaches are gaining increasing attention in the network intrusion detection community because of their intrinsic ability to discover novel attacks. This ability has become critical since the number of new attacks has kept growing in recent years. However, most of today’s anomaly-based IDSs generate high false positive rates and miss many attacks because of a deficiency in their ability to discriminate attacks from legitimate behaviors. These unreliable results damage the dependability of IDSs. In addition, even if the detection method is sound and effective, the IDS might still be unable to deliver detection service when under attack. Drawing on the relevant work in this area, the thesis research improved a KNN algorithm-based (combined strangeness and isolation algorithm-based) NIDS. The principle of the algorithm and the architecture of the system are explained. The intrusion detection algorithm analyzes different characteristics of network data by employing two models: strangeness and isolation. Based on these models, a correlation unit raises intrusion alerts with detection information. The system is separated into two parts: a training part and a detecting part. Correspondingly, the intrusion detection algorithm includes a training combined strangeness and isolation algorithm and a detecting combined strangeness and isolation algorithm. The intrusion detection algorithm is implemented in the C++ programming language and is evaluated on the KDD CUP 99 intrusion detection dataset. To preprocess the dataset, the thesis implements standardization, normalization, and clustering procedures. The experimental results show that our approach performs well. Finally, the thesis briefly discusses the intrusion tolerance mechanism in the NIDS framework. |