The Research Of Intrusion Detection Based On Naive Bayes And One-R

Open network environment helps people fully enjoy the convenience of the network。However, in the mean time, all sorts of attacks, aimed at destroying the network, are increasing day by day. The Intrusion Detection System (IDS), one of the critical techniques to protect the security of network, is being made much account of. In the sight of Data Mining (DM), Intrusion Detecting is the processes of classifying audit data. The algorithms of Intrusion Detecting Classification, the core of the IDS, are being hot studied by the DM researchers. The rapid changes of intrusion techniques as well as the Intrusion Detection Audit data, huge with high dimensional and full of redundant attributes, cause unwarranted to real-time, long training period, as well as low detecting rate. With the motivation of improving the performance of real-time and enhancing time performance and precision of detecting model, we start our research towards Intrusion Detection based on the Na(?)ve Bayes.The contributions of this dissertation are as follows:(1)The application of Data Mining techniques in the Intrusion Detection was summarized firstly. Many popular adopted feature selection methods and classic Bayesian classification algorithms are analyzed, combined with experimental analysis.(2)Considering the requirement of conditional independent hypothesis of Naive Bayes Classifier and aiming at eliminating redundant and irrelevance attributes from Intrusion Detection audit data, the theory of One-R was brought into the research of Nai've Bayes Intrusion Detection classifier. Therefore, A two-step method for feature selection, based on the One-R and supervised by the Naive Bayes, is proposed(One-R-BF for short).Experiment shows that One-R-BF is superior to other feature selection methods for Na(?)ve Bayes Classifier.(3)Consequently, in order to conform to the requirement of real-time performance, a Naive Bayse Classifier combined with One-R-BF is presented (One-R-NBC for short) and applied to Intrusion Detecting. Experiment shows that One-R-NBC has a lower cost and better precision than C4.5. While it's critical to update the classifier model, the real-time performance of One-R-NBC is much better than that of C4.5. (4)Finally, a distributed method is adopted to improve the One-R-NBC, targeting at solving the possible over fitting problem of the classification model. According to the experiment, this new method (D-One-R-NBC) is efficient and somewhat avoid the problem of over fitting.