The rapid development of computer network technology is greatly changing how people learn, work and live. As network technology advances and networked applications become more widespread, security problems are becoming more and more prominent. Because traditional security mechanisms can no longer fully satisfy security requirements, intrusion detection, as a newer security measure, is growing in importance and necessity. There is an urgent need for a highly efficient detection technique that helps people recognize intrusions coming from the Internet.

Conditional Random Fields (CRFs) are a statistical machine learning method with excellent performance in sequence labeling and segmentation. They have strong inference ability: they can be trained and can perform inference using complex, overlapping and non-independent features, and they make effective use of contextual information when labeling. Drawing on these advantages, and with the goal of improving how effectively detection algorithms identify intrusion behavior, this paper proposes detection algorithms for intrusion connection records built around Conditional Random Fields. The algorithms are assessed on key metrics such as precision, accuracy rate and false positive rate, and the efficiency of the technique is verified through a large number of experiments. The research covers the following three aspects:

1. Based on the characteristics of conditional random fields, the method is applied to intrusion detection models, aiming at efficient and reliable anomaly detection. By making full use of the many attributes in network data and the implicit information in the correlations among them, the detection model achieves its expected purpose in experiments on network connection data.

2. Based on the properties of the attribute sets of connection record sequences, a conditional random field detection method based on attribute sets is proposed, incorporating feature sets. The method brings the strengths of conditional random fields into full play and, during detection, exploits the fact that attribute sets play different roles in different intrusions. Experiments show that this method has excellent ability to identify anomalies.

3. To cope with the complexity and variety of network intrusions, we have designed a detection system whose detection level improves continuously and whose architecture is flexible and improvable. The paper puts forward an intrusion detection system based on conditional random field feature sets, with a reasonable structure and practical function modules. Through continual detection, when an unknown anomaly is discovered, the system can improve its original detection model and so raise its detection ability. The system model draws on the architecture of Snort, an excellent lightweight intrusion detection system.
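The abstract's point that a conditional random field uses contextual information when labeling connection records can be seen in a small linear-chain decoder. This is an added example, not code from the paper: the attribute names and values, the record sequence and the hand-set weights are all constructed for illustration, whereas a trained model would learn its weights from labelled records.

```python
LABELS = ("normal", "attack")

# Hand-set weights, constructed for illustration; a trained CRF learns these.
# State features: (attribute=value, label) -> weight
STATE_W = {
    ("flag=SF", "normal"): 1.5, ("flag=S0", "attack"): 2.0,
    ("service=http", "normal"): 0.5, ("service=private", "attack"): 1.0,
    ("count=high", "attack"): 0.4,
}
# Transition features: (previous label, label) -> weight; labels tend to persist.
TRANS_W = {("normal", "normal"): 0.8, ("attack", "attack"): 0.8,
           ("normal", "attack"): -0.8, ("attack", "normal"): -0.8}

# Constructed sequence of connection records (not real traffic).
RECORDS = [
    {"flag": "SF", "service": "http", "count": "low"},
    {"flag": "S0", "service": "private", "count": "high"},
    {"flag": "SF", "service": "private", "count": "high"},  # ambiguous alone
    {"flag": "S0", "service": "private", "count": "high"},
    {"flag": "SF", "service": "http", "count": "low"},
]

def state_score(record, label):
    """Sum of the weights of the attribute features that fire for this label."""
    return sum(STATE_W.get((f"{k}={v}", label), 0.0) for k, v in record.items())

def label_independently(records):
    """Baseline: label each record on its own attributes, ignoring neighbours."""
    return [max(LABELS, key=lambda y: state_score(r, y)) for r in records]

def viterbi(records):
    """Highest-scoring label sequence under state plus transition weights."""
    # best[y] = (score of the best path ending in label y, that path)
    best = {y: (state_score(records[0], y), [y]) for y in LABELS}
    for r in records[1:]:
        nxt = {}
        for y in LABELS:
            prev = max(LABELS, key=lambda p: best[p][0] + TRANS_W[(p, y)])
            score = best[prev][0] + TRANS_W[(prev, y)] + state_score(r, y)
            nxt[y] = (score, best[prev][1] + [y])
        best = nxt
    return max(best.values(), key=lambda sp: sp[0])[1]

if __name__ == "__main__":
    print("independent:", label_independently(RECORDS))
    print("with context:", viterbi(RECORDS))
```

The third record scores slightly higher as normal on its own attributes, but decoding the whole sequence labels it as attack because both neighbours are attacks; the final record stays normal because its own evidence outweighs the transition penalty.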