Research On Intrusion Detection System Based On KPCA And RF Algorithms

Posted on: 2021-02-13
Degree: Master
Type: Thesis
Country: China
Candidate: N Zhang
GTID: 2428330614471779
Subject: Computer technology

Abstract/Summary:
In recent years, malicious intrusion has become a threat to network security, and illegal intrusions have increased year by year, causing great economic losses. Traditional network protection technology has been unable to cope with the various forms of network intrusion. The Intrusion Detection System (IDS), which can identify and block malicious network traffic, has become one of the important security countermeasures. The Snort IDS studied in this paper plays a crucial role in preventing intrusion and can effectively protect the security of the system. However, Snort is a system based on misuse detection, which relies on rules, matched in order, to make pattern-matching judgments. As a result, huge and complex intrusion data leads to problems in the Snort system such as slow detection speed, poor classification accuracy, and false and missed reports.

In view of these problems, this paper proposes an intrusion detection technique based on the kernel principal component analysis (KPCA) and random forest (RF) algorithms, which effectively reduces the complexity of high-dimensional data and improves the classification of intrusion detection, the accuracy of the algorithm, and the overall performance of the IDS. The main research contents of this paper are as follows:

(1) The FKPCA algorithm is used to process the KDD-CUP99 data set. To balance local learning ability and generalization ability, we use kernel principal component analysis with a mixed kernel function (FKPCA) to extract features from the high-dimensional original data set. We also use the fruit fly optimization algorithm to carry out global optimization of the parameters, which avoids setting the parameters of the mixed kernel function blindly. Classification tests on the data set after feature extraction, carried out over multiple sets of simulation experiments, show that the FKPCA algorithm can effectively reduce the complexity of intrusion detection data sets.

(2) The commonly used classification algorithms are summarized and their performance analyzed; based on simulation experiments, the random forest (RF) algorithm is selected as the research focus for its good classification performance. To improve the classification performance of traditional RF and reduce false positives, this paper proposes the weighted random forest algorithm (WRF). WRF improves the voting process of the traditional random forest by using out-of-bag samples, and assigns a different weight to each decision tree to reduce the influence of decision trees with low classification accuracy on the overall classification result. The FKPCA-WRF algorithm combines the classification algorithm WRF with the data preprocessing algorithm FKPCA. A large number of simulation experiments show that the algorithm effectively improves the detection performance of intrusion detection.

(3) The FKPCA and WRF algorithms are embedded in the traditional Snort IDS. Many groups of simulation experiments demonstrate the feasibility of the FKPCA and WRF algorithms. In addition, we set up a test capability verification item according to functional requirements and add related configuration functions on top of Snort's original system. The operator uses a simple command line or switch button to turn a given function off or on. The configured functions are compared to determine whether the institution has the ability to evaluate the intrusion detection system.
Keywords/Search Tags: KDD-CUP99, KPCA, Snort, Random Forest, Fruit Fly Optimization Algorithm
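The out-of-bag weighted voting described in item (2), as an added example that is not code from the thesis. The abstract does not give the weight formula, so using each tree's out-of-bag accuracy as its weight is an assumption, as are the one-split stumps standing in for full decision trees, the constructed toy records, and all function names.

```python
import random
from collections import defaultdict

# Constructed toy flows (conn_count, error_rate) -> label; not KDD-CUP99 records.
DATA = [((2, 0.0), "normal"), ((3, 0.1), "normal"), ((4, 0.0), "normal"),
        ((5, 0.2), "normal"), ((40, 0.9), "attack"), ((55, 0.8), "attack"),
        ((60, 1.0), "attack"), ((35, 0.7), "attack")]

def train_stump(sample):
    """One-split tree: keep the (feature, threshold) with fewest training errors."""
    best = None
    for f in range(2):
        for x, _ in sample:
            errs = sum(("attack" if xi[f] > x[f] else "normal") != yi
                       for xi, yi in sample)
            if best is None or errs < best[0]:
                best = (errs, f, x[f])
    _, f, t = best
    return lambda rec: "attack" if rec[f] > t else "normal"

def oob_accuracy(tree, data, in_bag):
    """Accuracy of one tree on the records its bootstrap sample never drew."""
    oob = [i for i in range(len(data)) if i not in in_bag]
    if not oob:
        return 0.0  # assumption: a tree with no out-of-bag evidence gets no say
    return sum(tree(data[i][0]) == data[i][1] for i in oob) / len(oob)

def fit_wrf(data, n_trees=5, seed=7):
    """Train each stump on a bootstrap sample and pair it with its OOB weight."""
    rng = random.Random(seed)
    forest = []
    for _ in range(n_trees):
        idx = [rng.randrange(len(data)) for _ in data]  # draw with replacement
        tree = train_stump([data[i] for i in idx])
        forest.append((tree, oob_accuracy(tree, data, set(idx))))
    return forest

def weighted_vote(votes, weights):
    """Sum the weights behind each label instead of counting heads."""
    score = defaultdict(float)
    for label, w in zip(votes, weights):
        score[label] += w
    return max(score, key=score.get)

def predict(forest, rec):
    return weighted_vote([t(rec) for t, _ in forest], [w for _, w in forest])

if __name__ == "__main__":
    forest = fit_wrf(DATA)
    print([round(w, 2) for _, w in forest], predict(forest, (50, 0.9)))
```

With equal weights `weighted_vote` reduces to the plain majority vote of a traditional random forest, so the two can be compared on the same set of tree votes.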