Network Intrusion Detection Technology Research And Application

With the development of the network technology and global information whose pace is faster and faster, the network information systems have become a unit, a department, an industry, even as an infrastructure of the national livelihood. Network security has become an important component of national security. Intrusion detection technology as a kind of important dynamic protection technology has become a security gate following the firewall, data encryption and other security measures after the traditional network。Network intrusion detection system which distinguishes normal network communication or abnormal intrusion behavior from the mass network data, not only can reduce manual analysis and decoding of the immense work, but also can improve the adaptability of the intrusion detection system.Most current intrusion detection systems using a simple detection method based on pattern matching have a large consumption of resources, false alarm rate and can only detect known intrusion behavior, unknown intrusion detection less effective. Data mining which can distinguish the anomaly data from the massive data, is very suit for intrusion detection. In this paper Bayesian classification of data mining methods is used in network intrusion detection system. First the system trains a good Bayesian classifier, and then grabs the current real-time network packet. After processing, the packet will be converted to the vector which can be identified by the Bayesian classifier, and will be sent to classifier. Finally, the theory is applied to the actual, realized an intrusion detection system and tested. The result indicates that the new intrusion detection system is fast, having high intrusion rate and good adaptability.This thesis is consist of five chapters. ChapterⅠdescribes the background of current intrusion detection and trends. ChapterⅡdiscusses the basics of intrusion detection, intrusion detection technology and introduces the concept, meaning, classification method and intrusion detection standards. ChapterⅢfocus on the Bayesian classification in data mining theory contrast to the shortcoming of traditional pattern matching-based intrusion detection system and its application in intrusion detection. ChapterⅣdescribed the preprocessing of intrusion detection data, including packet capture, protocol analysis, getting the value of classified attribute and the research of the discretization of continuous attributes. ChapterⅤconstructs the intrusion detection systems including the system framework and testing process on the bases of the theory of previous chapters. Then test this system with DARPA 98 data set, verifying the practicality of the system.