
Research And Implementation Of Intrusion Payload Detection System Based On Information Entropy And SVM

Posted on: 2020-09-10
Degree: Master
Type: Thesis
Country: China
Candidate: C Xu
Full Text: PDF
GTID: 2428330596481802
Subject: Computer technology

Abstract/Summary:
In this highly information-driven era, the Internet has become closely tied to people's daily work, study and life. It is reaching every corner of human society at a remarkable rate and has become an indispensable information channel. Alongside the rapid development of the network, network security problems have also drawn attention. Intrusions such as hacker attacks and malware attacks emerge endlessly and even pose a serious threat to security at the national level, so network security technology must be put into practice. Traditional defenses such as firewalls and software updates are not enough to withstand targeted cyber attacks, and more and more enterprises and organizations use intrusion detection systems as a necessary complement to their security infrastructure.

Network intrusion detection technology is generally divided into misuse detection and anomaly detection. The former matches network data against patterns of known attacks; it detects known attacks effectively but can do nothing against unknown ones. The latter builds a profile of normal activity and treats data that violates the profile's statistical regularities as abnormal behavior, so anomaly detection can detect unknown attacks. At present, most commonly used network intrusion detection systems rely on misuse detection. Since today's network attacks are highly variable, misuse-based network intrusion detection can no longer meet the security requirements of enterprises and organizations, and it is necessary to research and develop network intrusion detection systems based on anomaly detection.

Anomaly detection suffers from high false alarm and false negative rates and high computational cost, both caused by the large volume of network data. To address this, this paper uses the information entropy contained in the samples as the basis for reducing the large sample feature set and combines it with SVM technology, proposing an intrusion payload detection system based on information entropy and the SVM principle. The system collects payload information extracted from network packets, uses the information entropy of the payload as the clustering criterion, and integrates a number of one-class SVM classifiers to detect network attacks. This avoids the drawbacks of heavy computation over large samples and a high false positive rate, improving both the efficiency and the accuracy of intrusion detection.

The intrusion payload detection system designed in this paper consists of four modules: a detection information acquisition module, a data feature extraction module, a clustering and dimensionality reduction module, and a model detection and classification module, which together produce the detection result. The clustering and dimensionality reduction module uses an information-entropy-based clustering algorithm that reduces the JS divergence within each cluster while increasing the JS divergence between clusters, giving better clustering performance, overcoming the curse of dimensionality and guaranteeing the efficiency of the intrusion detection system. The model detection and classification module uses the SVM technique to obtain a threshold in the training phase; at detection time it is only necessary to compare the score that the SVM model computes for a payload against this threshold to decide whether the payload is abnormal. Because shellcode attacks and polymorphic hybrid attacks strongly disturb the structural information of the payload, the intrusion payload detection system of this paper detects such attacks accurately and still achieves a relatively high detection rate while keeping the false positive rate low.
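The pipeline the abstract describes, as an added example that is not the thesis's own code: the byte distribution of each payload, its information entropy as the clustering key, JS divergence as the within- and between-cluster measure, and a per-cluster threshold learnt from normal traffic and compared against a score at detection time. The per-cluster one-class SVM of the thesis is replaced here by a JS-divergence radius; the 1-bit bucket width, the margin and the sample payloads are assumptions.

```python
import math
from collections import Counter, defaultdict
def byte_distribution(payload: bytes) -> list:
    """Normalised 256-bin byte-frequency histogram of one payload."""
    counts, n = Counter(payload), (len(payload) or 1)
    return [counts.get(b, 0) / n for b in range(256)]

def entropy(dist) -> float:
    """Shannon entropy in bits: 0 for a constant byte stream, 8 for uniform bytes."""
    return -sum(p * math.log2(p) for p in dist if p > 0)

def js_divergence(p, q) -> float:
    """Jensen-Shannon divergence in bits (symmetric, bounded to [0, 1])."""
    m = [(a + b) / 2 for a, b in zip(p, q)]
    kl = lambda x, y: sum(a * math.log2(a / b) for a, b in zip(x, y) if a > 0)
    return 0.5 * kl(p, m) + 0.5 * kl(q, m)

def entropy_bucket(payload: bytes) -> int:
    """Cluster key: entropy-based clustering reduced to 1-bit-wide buckets (assumed width)."""
    return int(entropy(byte_distribution(payload)) // 1.0)

def train(normal_payloads, margin=1.25) -> dict:
    """Per cluster: centroid byte distribution and a score threshold learnt from
    normal traffic only; the threshold is the largest training JS divergence times margin."""
    clusters = defaultdict(list)
    for p in normal_payloads:
        clusters[entropy_bucket(p)].append(byte_distribution(p))
    model = {}
    for key, dists in clusters.items():
        centroid = [sum(col) / len(dists) for col in zip(*dists)]
        radius = max(js_divergence(d, centroid) for d in dists)
        model[key] = (centroid, radius * margin)
    return model

def detect(model, payload: bytes) -> tuple:
    """Return (anomalous, score, threshold). A payload whose entropy bucket has no
    normal training data is scored at the JS maximum against a zero threshold."""
    key = entropy_bucket(payload)
    if key not in model:
        return (True, 1.0, 0.0)
    centroid, threshold = model[key]
    s = js_divergence(byte_distribution(payload), centroid)
    return (s > threshold, s, threshold)

# Constructed sample traffic (not from the thesis): plain-text HTTP requests form the normal
# profile; a stream holding every byte value once stands in for an obfuscated payload.
NORMAL = [b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n",
          b"GET /about.html HTTP/1.1\r\nHost: example.com\r\n\r\n",
          b"POST /login HTTP/1.1\r\nHost: example.com\r\nContent-Length: 9\r\n\r\nuser=test"]
HIGH_ENTROPY = bytes((i * 37 + 11) % 256 for i in range(256))
```

Running `train(NORMAL)` puts all three requests in the 4-bit bucket, while `detect` flags the high-entropy stream because it lands in a bucket no normal traffic ever occupied.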
Keywords/Search Tags: Intrusion detection, Payload, information entropy, SVM