
Optimal Design And Implementation Of Intrusion Detection And Prevention System Based On Hadoop

Posted on: 2016-11-25
Degree: Master
Type: Thesis
Country: China
Candidate: S H Huang
GTID: 2308330464969446
Subject: Computer technology
Abstract/Summary:
Since the concept of cloud computing was proposed, it has developed increasingly rapidly. At this pace, however, cloud computing risks unprecedented disasters such as data loss and data corruption. Intrusion detection technology offers an effective way to address this problem, but its combination with cloud computing technologies is not yet mature, resulting in a high false alarm rate, problems with detection rate and other shortcomings. To solve these problems, this paper studies in depth the combined application of intrusion detection and cloud computing technology, in the following three main areas.

First, to address the low efficiency of intrusion detection in the cloud, this paper proposes a density-based binary support vector machine algorithm for intrusion detection (Density-Binary Tree SVM, D-BTSVM), with the density calculation implemented in the distributed MapReduce framework. The algorithm constructs a binary tree structure for the training sequence based on the calculated density and, following that order, trains classification models for all categories, which can then be used to predict and detect intrusions. Experimental results show that the detection algorithm has a higher detection rate and accuracy rate than other algorithms and can detect more intrusions.

Secondly, by studying alarm processing technology, this paper presents a MapReduce-based alert optimization algorithm (MapReduce Optimization, M-Optimization), whose key ideas are deduplication, weight calculation and alert merging. It first merges identical alarm records, then calculates weights using the improved weight calculation algorithm M-Reflief, and finally, according to the weight of each attribute, merges alerts whose high-weight attributes are the same, in order to reduce redundant alarms and facilitate management. The alert optimization experiments prove the validity of this method, which can reduce most redundant alerts.

Finally, an intrusion detection and prevention prototype system based on Hadoop is designed and implemented, which uses the distributed file system to store the required data to facilitate intrusion detection and alarm optimization. The system is divided into three modules: environment configuration, intrusion detection and alarm optimization. In practical application, the system proved the high detection rate of HD-SVM and the efficiency of the M-Optimization algorithm, achieving the purpose of protecting the cloud.
Keywords/Search Tags: Cloud computing, distributed intrusion detection, binary support vector machines, parallel alarm optimization, cloud security