Research Of Intrusion Detection Based On An Adaptive Bayesian Network

In recent years,with the development of computer technology,the common people's life has the very big change, the traditional life of shopping, study, make friends, and even entertainment can be completed on the Internet. With the rapid development of Internet has brought great convenience to people's life, at the same time also produced many security problems. Therefore, related to intrusion detection study is becoming more and more attention by people.Intrusion detection technology as an important technical means to protect the safety of network for the first time since the proposed already has more than 20 years of time, due to the constant change of the network environment and hackers technology constantly improving, the means of network attack is becoming more and more complex, more and more high to the requirement of intrusion detection technology. From the current demand to see a kind of adaptability, high precision, high detection efficiency model of intrusion detection technology is the direction of the study at present.In the field of data mining, the bayesian classification algorithm due to their high accuracy of reasoning and predict become very important methods in data classification. As a result, many researchers tried to bayesian classification algorithm applied to intrusion detection model in the study, the final exper imental results is satisfactory. But the intrusion detection model in addition to testing requires a high degree of accuracy, have certain efficiency and can also require according to the change of the current network environment attacks make adaptive resp onse. Therefore, this article will be based on the attribute reduction algorithm of rough set theory and based on sliding window window extended algorithm is introduced into the bayesian classification algorithm, and based on this, advances an adaptive algorithm of bayesian network.This adaptive bayesian network algorithm combines rough set theory, window extended algorithm and mutual information theory. Using the properties of the simple algorithm based on rough set theory dimension of training sample set, contracted attributes columns to reduce operation cost in the bayesian network structure; By using dynamic update training sample set window extended, make training sample can real-time reflect the current system security situation; Study bayesian network under the condition of different training sample the change of the mutual information between nodes, and by defining a Euclidean distance to measure the mutual information between the nodes of this change, find a bayesian network structure difference and the relationship between the mutual information change, on the basis of bayesian network structure of the adaptive update to improve detection model adaptability. Experiments show that the algorithm is applied to intrusion detection, not only reduced the amount of calculation, improve the detection efficiency, and when the mutual information between nodes under different training sample relative Euclidean distance is greater than the given threshold of epsilon = 1.15 when bayesian network structure compared with before the big change, the accuracy of classification is also decreased significantly, the update of bayesian network structure, the precision of classification have obvious improve, improve the adaptability of the detection model.