Research On Feature Selection And Model Building In The Intrusion Detection System

The rapid development of information technology and the Internet facilitate the development of social economy,communication between people,information and resource sharing,but at the same time it bring the issue of information security and network security,for example the information leakage.The problem of information security and network security,for example the information leakage,not only cause huge economic losses for individuals and businesses,but it also bring more serious security threats for the country.In order to deal with the problem of information security and network security,the network security mechanisms become a focus of scholars.Intrusion detection system,which is an important part of network security mechanisms,has received considerable attention from researchers.This dissertation focuses on the problem of intrusion detection system,in which 2 intrusion detection methods are proposed.These two new intrusion detection models are an intrusion detection model based on classifier and ensemble feature selection algorithm(C_eFSM model),an intrusion detection model based on multi-classifiers and deep testing(MC_DTM model),respectively.In order to select valuable features,and enhance the detection performance and effect of the intrusion detection system.This thesis proposes a novel intrusion detection system(C_eFSM model).C_eFSM model is based on the ensemble feature selection algorithm(eFSA algorithm).This model first selects the important feature from the dataset,secondly,which trains the intrusion detection model by the classification algorithm.The eFSA algorithm integrates a group of feature selection methods to extract important features.In this thesis,the ensemble feature selection algorithm integrates two feature selection methods,i.e.CFS and Fisher score.First,the importance of each feature is calculated by these two methods respectively.Then the most valuable features are extracted from the results of these two methods.In order to verify the performance of the C_eFSM model,we completed the experiments on the KDDCup99 dataset.The recall rate,accuracy rate,precision,false negative rate and F-score were used for evaluating the detection performance of proposed model.The experimental results show that the C_eFSM model improves the performance of intrusion detection system,and the eFSA algorithm is an effective feature selection technology.This thesis proposes a new intrusion detection model,which is based on multi-classifiers and deep testing.The proposed model not only can enhance the overall detection performance of intrusion detection system,but also has a more significant promote on the detection performance for the low-frequent and high serious attacks.The MC_DTM model first trains a number of different classifiers,and then according to the prediction results of different classifiers predict the label of the sample.Thus,each samples get a number of the result.Next,the proposed intrusion detection model utilizes the aggregate model to aggregate the different prediction results of each samples,so that we can obtain the certain label sample dataset(CLD)and the uncertain label sample dataset(ULD).Finally,this model uses the certain label sample dataset and knn algorithm to build classifier,so that this classifier is used to predict the label of sample in the uncertain label sample dataset.To prove the performance of our proposed intrusion detection model,we used the decision tree as the classifier,and completed the experiments on the NSL-KDD dataset.The recall rate,accuracy rate,precision,false negative rate,false alarm rate and F-score were used as the evaluation criteria.The experimental results show that the MC_DTM model can enhance the performance of the intrusion detection system,especially for the low-frequent attacks.