Dynamic Distributed Intrusion Model

With the rapid development of the internet, information security is becoming one of the most serious problems. Network intrusion detection is a crucial part in the whole information security protection system,so it is of great significance to do research on network intrusion pattern analysis for advancing the network techniques and further improving the internet utilization efficiency.In this thesis, in order to solve some problems in existing intrusion detection algorithms and meet the new requirements from the development of the internet, we do some research on the methods for intrusion pattern analysis. The main contributions of this thesis include the following issues:(1) We propose an improved online boosting based intrusion detection algorithm. Compared with existing intrusion detection algorithms which are trained off-line, our method can online learn the new intrusion patterns quickly with good detection performance, so that the intrusion detection system can adapt to the dynamic changing network environments well.(2) Since the continuous and categorical features differ greatly for the network behavior data, we construct weak classifiers separately on each feature dimension, then generate a strong classifier based on the Adaboost ensemble scheme ,resulting an intrusion detection algorithm with low computational complexity. Meanwhile, through adjusting of the initial weights for the training data, we can balance the detection rate and false alarm rate of the intrusion detector, which further improves the detection accuracy.(3)In order to meet the requirements for intrusion detection in the distributed architecture, we propose a distributed detection algorithm based on Gaussian Mixture Models and Adaboost ensemble. Our method can generate an intrusion detector reflecting the global intrusion observation data with very little communication cost, so that the detection ability of each distributed detection site is greatly improved, and no sharing of the original network data is needed which protects the data privacy of network users.In a word, in this thesis, we have made a lot of fruitful attempts and significant progresses on research on network intrusion detection in the dynamic and distributed network environments.