Research On Intrusion Detection Model Based On Traffic Analysis

Pattern matching technology is the most widely used in the commercial intrusion detection system, which plays an important role in the process of detecting the network traffic data with the high accuracy. Through the efficient pattern matching algorithm, it is able to analyze the network traffic data of the key nodes in real-time, accurate discovery of known attacks, which can be found out to be a very effective method.Artificial neural network has very strong self-learning, adaptive ability and high fault tolerance ability. It is widely used in the research of anomaly intrusion detection, and it shows good performance. Applied it to anomaly detection, not only can discover unknown attack behavior, but also effectively deal with the problem of uneven flow distribution in the network.This article focuses on pattern matching algorithm and BP neural network research. For single-mode matching algorithm to analyze the matching process, efficiency of the algorithm, the improved algorithm based BMHS algorithm, making it a more efficient matching speed; for BP neural network analyzes the basic idea, process, problems as well as its causes. Genetic algorithm optimization BP neural network. Based on the above research foundation analysis, intrusion detection model based on traffic analysis. Details of the research are as follows:In the first place, the principle of pattern matching algorithm and the model of intrusion detection based on pattern matching algorithm are analyzed, noted problems of single-mode matching algorithm. For single-mode matching algorithm, when the first character does not match, will face too much matching problem. We propose an improved algorithm, experimental verification improved algorithm can effectively solve the problem of the first character mismatch, improved efficiency by matching.Then, according to the problem of BP neural network, combined with the actual needs of intrusion detection, this paper proposes a genetic algorithm to optimize BP neural network, which has higher detection efficiency and less training time. Through the experimental analysis, it is proved that the use of genetic algorithm to optimize the BP neural network is very effective for neural network.Finally, this paper analyzes the advantages of the pattern matching and BP neural network, and proposes a hybrid intrusion detection model, which is mainly used pattern matching to detect network traffic in real time, achieve the purpose of the online real-time detection of attacks; BP neural network is used for off-line detection, and detect the approximate normal flow and unknown attacks. The validity of the model is proved by experiments.