
Design And Implementation Of Adaptive Intrusion Detection System Based On Decision Tree

Posted on: 2018-05-16 | Degree: Master | Type: Thesis
Country: China | Candidate: J Liu | Full Text: PDF
GTID: 2428330572455055 | Subject: Software engineering
Abstract/Summary:
With the rapid development of network technology, hacking attacks and other network security threats are becoming more and more serious. How to detect and defeat new kinds of intrusions on the Internet has become one of the most important topics in the network security field. As one of the key techniques for defending against hacking attacks, an intrusion detection system (IDS) can identify anomalous behaviors and predict intrusions so that attacks are defeated in time. However, traditional intrusion detection systems are not adept at coping with changes in the network environment and variations of attacks: they cannot adapt themselves to identify new intrusion patterns. Constructing an IDS and related algorithms that can identify new-pattern intrusions is therefore of significant research value.

Based on research into adaptive intrusion detection systems, this thesis designs an enhanced network-alarmed adaptive distributed intrusion detection system to improve the network defense ability of traditional intrusion detection systems. To benefit from the decision tree algorithm's high accuracy and its efficiency in detecting intrusions and processing massive data, the thesis proposes a modified architecture of the network-alarmed adaptive distributed intrusion detection system that uses a decision tree as the core intrusion detector. To remedy the decision tree's weakness in identifying new intrusions, the thesis proposes an adaptive decision tree algorithm, and modifies the architecture of the network-alarmed adaptive distributed intrusion detection system to implement it.

The enhanced network-alarmed adaptive distributed intrusion detection system can combine the local beliefs of local detectors into a "global" belief. By comparing the "global" belief with security threat thresholds, the local detectors can form a brief judgement of the global security situation. If the "global" belief is beyond the threshold, the local detector sends security alarms to the surrounding equipment. At the same time, the system protects key equipment by deploying detectors on the data flowing into that equipment, giving the key equipment advance warning. The adaptive decision tree algorithm can rapidly adapt local parts of itself to identify new-pattern intrusions by obtaining the attribute data of the new intrusion. The simulation experiment shows that the adaptive decision tree performs well whether or not sufficient data is available.

The main innovations of this thesis are as follows:

(1) Through research into intrusion detection systems, especially adaptive distributed intrusion detection systems, the thesis proposes an enhanced network-alarmed adaptive intrusion detection system that gathers the beliefs of surrounding devices into a "global" belief to identify new intrusions, alerts the threatened equipment in real time, and waits for further processing.

(2) The decision tree algorithm is applied in the enhanced network-alarmed adaptive distributed intrusion detection system to identify intrusion behaviors rapidly and efficiently.

(3) To remedy the weakness of the decision tree algorithm, the thesis proposes an adaptive decision tree algorithm that adapts itself rapidly by gathering information about anomalous behaviors. The adaptive decision tree algorithm enhances the decision tree's ability to recognize new intrusion patterns. The simulation results show that the adaptive decision tree's detection rate reaches 79.4%, a rise of 5.14 percentage points over the ordinary decision tree's 74.25% detection rate. The false negative rate falls from 3.18% to 1.09%, a reduction of 2 percentage points. The false intrusion type rate is reduced from 17.97% to 2.27%.

(4) The adaptive decision tree algorithm is applied in the enhanced network-alarmed distributed intrusion detection system. Building on that system's ability to identify new intrusion behaviors, the system adapts itself rapidly to identify new intrusion patterns by using the adaptive decision tree algorithm as the core intrusion detector's algorithm. The adapted decision tree is deployed at the intrusion detection points to detect new intrusions in the global network environment, which then await further processing.
Keywords/Search Tags: Intrusion Detection System, Adaptive Decision Tree, Adaptive Distributed Intrusion Detection System, Network System Security