A New Classification Algorithm Its Application In Intrusion Detection

Intrusion detection system is ansignificantpart of network security,intrusion detection technology plays an important role in protecting Internet security,national security strategy and other fields.As a dynamic security technology,it can detect and intercept illegal intrusion in time to protect normal netizens from harassment and threats from hackers.However,the traditional intrusion detection system can not recognize new network intrusion,such as zero-day attacks and so on.And the accuracy detected by the traditional intrusion detection system is not quite high,it could result in a large number of false positives,but the generated information is actually normal or reasonable when using computer.Large numbers of false positives can increase the labor capacity of managers which may potentially lead to the neglect of truly critical security incidents.Therefore,people urgently need to study a new type of intrusion detection system with higher accuracy and higher efficiency.Machine learning,as the technology with explosive grow in recent years,has been applied in the intrusion detection increasingly,because it can effectively improve the accuracy of intrusion detection system,reduce the false positive rate and detect the newly emerging intrusion by self-training and learning.According to the above problems,this paper proposes a hybrid intrusion detection classification algorithm by combining the machine learning method,to improve the accuracy of intrusion detection,and to improve the efficiency of intrusion detection by constructing distributed intrusion detection system.The main research achievements and innovations of this paper are as follows:(1)A feature selection algorithm is proposed by combining Fisher Score and support vector machine.The sample set features are scored through using Fisher Score and the score accuracy is tested through using the information entropy features in the support vector machine.This method ensures to preserve optimized feature subset firstly in the process of feature ranking.(2)A nearest neighbor intrusion detection algorithm is proposed based on density peak.By using the density formula based on density peak clustering algorithm,a controllable threshold is added to the density formula to ensure that the density is optimal in any scenario.Intrusion detection classification is conducted by the use of density-based weighted nearest neighbor algorithm,greatly improving the accuracy of intrusion detection.(3)A distributed intrusion detection system model is proposed.The original test sample set and the nearest neighbor algorithm of density peak are on the Hadoop cluster for distributed operation,which significantly shortens the execution time of intrusion detection system and improves efficiency of intrusion detection.