| Computer network has brought conveniences to human beings’ daily life, study and work during the past two decades. However, various security problems, such as computer virus, information disclosure and steal, network intrusion, and network attack, also come along with it, and they might cause enormous economic losses and social benefit damage. Thus, to ensure the security of network, the protection of data, software and hardware from malicious attack and damage is becoming increasingly important. This thesis focuses on one of the most popular network protection technologies, intrusion detection, being able to discover network intrusion and attack by collecting and analyzing system data.Although some approaches in intrusion detection had been proposed, still challenges come out as the quick development of network bandwidth, topological structure, and the new attacking approaches. One of the main problems is that the dimension of alert data in intrusion detection systems(IDS) becomes higher and more complex. Another serious problem is that the volume of alert data in IDS is growing in numbers. All of these problems lead to burdens to IDS, such as the real-time capability of IDS, time consumption, accuracy calculation, etc.. To improve IDS’s real-time ability, reduce its time consumption, and increase its accuracy, is meaningful and significance for making effective network security defense strategy, building a network security system.Considering the above issues, in this thesis, we propose a new intrusion detection model based on the IG-NMF and PSO-FCM. Firstly, facing the problem of high dimension and complex alert data, we take the advantage of Info Gain algorithm and Non-negative Matrix Factorization algorithm(NMF), putting forward the IG-NMF feature dimension reduction method which could reduce the dimensions of alert data efficiently and reduce the time consumption greatly by eliminating the invalid and redundant features. Secondly, we utilize a PSO-FCM clustering analysis algorithm,a relatively mature FCM optimization method, to tackle the problem on calculation accuracy; in detail, the method PSO-FCM is to integrate Fuzzy c-Mean algorithm(FCM) with Particle Swarm Optimization(PSO), a method with fast convergence speed and a strong global optimization capability, to eliminate the sensitivity of FCM in regards to initial values and noise data. This method also avoids the local extreme successfully, and optimizes the searching abilities. To conclude, our new intrusion detection model has a better performance with respect to global optimization and local search ability in dealing with a mass of alert data. In addition, it is able to process large and high-dimension alert data efficiently and successfully with a higher accuracy and much less time consumption by IG-NMF and PSO-FCM. |
PDF Full Text Request