Design And Implementation Of Intrusion Detection System Based On Bayesian Network

Posted on: 2020-12-09
Degree: Master
Type: Thesis
Country: China
Candidate: X Li
GTID: 2428330602950406
Subject: Engineering

Abstract/Summary:
Internet security is a problem of great harm and wide coverage, with a serious impact on social security and stability. How to avoid and reduce network attacks has become an urgent issue. As is well known, Internet problems cannot be separated from the network. Strengthening the detection of network intrusions can effectively reduce network attacks and improve the security environment of the Internet. As an important part of network security, the intrusion detection system integrates many disciplines, so research on intrusion detection is of great significance. This paper focuses on the development and implementation of an intrusion detection system.

Intrusion detection technology is mainly divided into misuse detection and anomaly detection. Misuse detection is based on the principle of pattern matching: it collects the behavioral characteristics of abnormal operations and establishes the relevant feature libraries. When the monitored user or system behavior matches a record in the libraries, the system regards the behavior as an intrusion. Anomaly detection is based on the principle of statistical analysis: it summarizes the behavior parameters that normal operation should have and describes the scope of normal behavior quantitatively. When there is a significant deviation between user activity and normal behavior, the activity is considered an intrusion.

As hackers continuously update their means of intrusion, traditional misuse detection technology can no longer keep up, and misuse detection alone can no longer achieve good results in detecting intrusions. Anomaly detection is an effective complement to misuse detection. There are many kinds of technology for detecting different intrusions. By introducing the two detection technologies, this paper analyzes the differences between them and then focuses on the concept and principle of anomaly detection technology. Features of the network intrusion data stream are extracted by establishing a normal model for the features of the attribute fields of normal requests, and the deviation between the extracted features and the normal model is used as the criterion for deciding whether a request is an intrusion attack.

The research contents of this paper are as follows:
(1) Analyze the Naive Bayesian classification algorithm, study its defects and shortcomings, and introduce an incremental learning strategy to improve it.
(2) Study and analyze the operating principle of a general intrusion detection system and the working relationships among its modules.
(3) Through analysis of the HTTP protocol, take the different attribute fields in the HTTP protocol as the basis for identifying intrusions.
(4) Design and implement the intrusion detection system, and study and analyze its requirements, design and implementation.
Keywords/Search Tags:Intrusion detection, misuse detection, anomaly detection, bayesian network
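
An added example, not taken from the thesis: an incremental Naive Bayes classifier over HTTP attribute fields, in the spirit of research items (1) and (3), where each newly labelled request updates the stored counts instead of triggering retraining. The feature set, the class labels, Laplace smoothing and the sample requests are constructed assumptions; the abstract does not give the thesis's own features or update rule.

```python
import math
from collections import defaultdict
from urllib.parse import urlsplit

def http_features(method, url, user_agent):
    """Discretise HTTP attribute fields (this feature choice is an assumption)."""
    parts = urlsplit(url)
    q = parts.query.lower()
    return {"method": method.upper(),
            "path_depth": min(parts.path.count("/"), 5),
            "query_len": "none" if not q else "long" if len(q) > 60 else "short",
            "query_meta": any(t in q for t in ("'", "<", "%27", "%3c")),
            "has_ua": bool(user_agent)}

class IncrementalNB:
    """Naive Bayes stored as raw counts: learning one more sample is a count update."""
    def __init__(self, alpha=1.0):
        self.alpha = alpha                  # Laplace smoothing constant
        self.class_n = defaultdict(int)     # label -> samples seen
        self.feat_n = defaultdict(int)      # (label, field, value) -> count
        self.values = defaultdict(set)      # field -> distinct values seen

    def update(self, feats, label):
        self.class_n[label] += 1
        for field, value in feats.items():
            self.feat_n[(label, field, value)] += 1
            self.values[field].add(value)

    def _loglik(self, label, n, field, value):
        k = len(self.values[field] | {value})   # smoothing domain, incl. unseen value
        return math.log((self.feat_n.get((label, field, value), 0) + self.alpha) / (n + self.alpha * k))

    def log_posteriors(self, feats):
        total = sum(self.class_n.values())
        return {c: math.log(n / total) + sum(self._loglik(c, n, f, v) for f, v in feats.items())
                for c, n in self.class_n.items()}

    def predict(self, feats):
        return max(self.log_posteriors(feats).items(), key=lambda kv: kv[1])[0]

# Constructed sample requests: (method, URL, User-Agent, label)
SAMPLES = [("GET", "/index.html", "Mozilla/5.0", "normal"), ("POST", "/login", "Mozilla/5.0", "normal"),
           ("GET", "/shop/item?id=42", "Mozilla/5.0", "normal"),
           ("GET", "/shop/item?id=42%27", "", "intrusion"), ("GET", "/search?q=%3Cb%3E", "", "intrusion")]

def train(samples):
    nb = IncrementalNB()
    for method, url, ua, label in samples:
        nb.update(http_features(method, url, ua), label)
    return nb
```

Calling `update` again with an analyst-labelled request shifts the posteriors immediately, which is the property the incremental strategy is meant to provide.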