
Research On Key Algorithms Of Intrusion Detection Data-processing Analysis

Posted on: 2017-12-27
Degree: Master
Type: Thesis
Country: China
Candidate: Z F Wang
Full Text: PDF
GTID: 2348330485959499
Subject: Computer Science and Technology
Abstract/Summary:
Since the birth of the Internet, network security, and the field of intrusion detection in particular, has been a constant research focus and a problem that should not be underestimated. Attackers' methods have become more subtle and complex. The alarm data generated by network security devices are scattered, independent, huge and redundant, leading to increasingly serious security problems. Taking into account the cost of updating equipment, using intelligent algorithms to find the attacker's tracks in complex security data has become a top priority. After reviewing a large body of domestic and foreign literature and analysing intrusion detection alarm data from different attack methods, the paper first proposes an alarm aggregation model based on SVM (support vector machine). Experiments comparing different kernel functions on the KDDCUP99 dataset show that the polynomial kernel function yields the highest accuracy for data aggregation. Since the aggregation performance of SVM depends heavily on its parameters, and parameters set manually by users cannot guarantee the best results, the paper uses a genetic algorithm to optimize the SVM parameters automatically, avoiding the randomness and blindness of setting them by hand. Simulation results on the KDDCUP99 dataset show that the aggregation model established in this paper is more accurate than a model established with randomly chosen parameters. The paper then puts forward a method of attack scenario construction, an algorithm for maximal sequential pattern mining without candidate generation, which reduces the number of attack sequential patterns and improves time and memory efficiency.
The method overcomes the weaknesses of traditional sequential pattern mining, making real-time online recognition of attack intent practical and the mining results easy to understand. Three strategies are proposed to improve the efficiency of the algorithm. Experiments on the DARPA 2000 dataset show that the method can effectively construct multi-step attack scenarios and outperforms the BIDE algorithm in time, memory consumption and the presentation of the mining results.
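As an added illustration of the concept the abstract describes (not the thesis's own algorithm, which the abstract does not spell out), the Python below mines maximal sequential patterns from IDS alert sequences using prefix projection, a candidate-free pattern-growth approach, and shows how a large set of frequent patterns collapses into a single multi-step scenario. Alert names and sequences are constructed for the example and are not DARPA 2000 data.

```python
from collections import Counter

# Constructed IDS alert sequences, one per attacking host, in time order.
# Alert names are invented for this example (loosely modelled on a multi-step
# probe / exploit / install / DDoS chain); they are not real DARPA 2000 records.
SEQUENCES = [
    ["icmp_sweep", "sadmind_ping", "sadmind_exploit", "rsh_install", "ddos_start"],
    ["icmp_sweep", "sadmind_ping", "sadmind_exploit", "rsh_install", "ddos_start"],
    ["icmp_sweep", "sadmind_ping", "sadmind_exploit", "ftp_login", "rsh_install", "ddos_start"],
    ["sadmind_ping", "sadmind_exploit", "rsh_install", "ddos_start"],
    ["icmp_sweep", "http_probe"],
    ["http_probe", "icmp_sweep"],
]

def _project(db, item):
    """Suffix of each sequence after the first occurrence of `item` (sequences without it are dropped)."""
    return [seq[seq.index(item) + 1:] for seq in db if item in seq]

def frequent_sequences(db, min_sup):
    """PrefixSpan-style pattern growth: a prefix is extended only by items that are
    frequent in its projected database, so no candidate set is generated and
    re-counted against the full database. Returns [(pattern_tuple, support), ...]."""
    found = []
    def grow(prefix, pdb):
        counts = Counter(item for seq in pdb for item in set(seq))
        for item, sup in counts.items():
            if sup >= min_sup:
                pattern = prefix + (item,)
                found.append((pattern, sup))
                grow(pattern, _project(pdb, item))
    grow((), db)
    return found

def is_subsequence(small, big):
    """True if `small` occurs in `big` in order (gaps allowed)."""
    it = iter(big)
    return all(any(x == y for y in it) for x in small)

def maximal_patterns(db, min_sup):
    """Keep only frequent sequences with no frequent proper super-sequence.
    Each maximal pattern is one candidate multi-step attack scenario."""
    support = dict(frequent_sequences(db, min_sup))
    pats = list(support)
    maximal = [p for p in pats
               if not any(len(q) > len(p) and is_subsequence(p, q) for q in pats)]
    return sorted((p, support[p]) for p in maximal)

if __name__ == "__main__":
    print(f"{len(frequent_sequences(SEQUENCES, 3))} frequent patterns at min_sup=3")  # 31
    for pattern, sup in maximal_patterns(SEQUENCES, 3):  # collapses to one scenario
        print(sup, " -> ".join(pattern))
```

Maximal patterns trade the exact support counts of their sub-patterns for a far smaller result set: at min_sup=3 the 31 frequent patterns reduce to the single five-step chain, which is the kind of pattern-count reduction the abstract claims for its method.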
Keywords/Search Tags:SVM, Alert aggregation, Attack behavior sequences, Attack scenario, Maximal sequential pattern