
Research And Design Of Intrusion Detection System

Posted on: 2016-12-11
Degree: Master
Type: Thesis
Country: China
Candidate: H Fu
Full Text: PDF
GTID: 2298330467493048
Subject: Information security
Abstract/Summary:
With the rapid development of the Internet, mobile payments and a variety of communication tools based on OTT (Over The Top) have become more and more mature, and an increasing number of people use them at high frequency. As the Internet is vulnerable to hackers, Trojans, viruses and other malicious operations, intrusion incidents continue to occur. An intrusion detection system (IDS) can monitor a host computer or the network in real time. As an important part of the security defense system and of risk evaluation, an IDS collects and analyzes suspicious events, and raises an alarm or actively cuts off the intrusion channel. Facing the severe network security situation, deploying network security equipment including IDS is a valid solution. IDS is a kind of active protection tool and the basis of risk assessment, and it has become one of the hot spots of current research.

Most current intrusion detection systems are based on pattern recognition. Configuring intrusion detection rules for different network environments requires the experience of experts, and the rules must be updated constantly to cope with new intrusion behaviors. It is difficult to identify the real information when legitimate programs trigger a large number of false alarms. IDS based on traditional statistical machine learning methods are excellent in theory, but their precondition is that the sample size tends to infinity, which is difficult to satisfy in practice. Support Vector Machine (SVM) theory solves these problems and performs very well on high-dimensional data sets with small samples. SVM also has good generalization ability.

The main work of this paper includes the following:

1. This paper studies the related concepts and theoretical basis of the support vector machine (SVM). It introduces the random forests and SVM-RFE algorithms, the concept of feature selection and its four processes.

2. This paper introduces the common intrusion detection framework (CIDF) and puts forward an improved model of an intrusion detection system based on SVM. It summarizes the whole system design and mainly analyzes the function of each module and the data flow between modules. In addition, it gives the general design flow chart of the intrusion detection system.

3. To address the low efficiency of grid search for SVM parameters, this paper proposes an advanced genetic algorithm to optimize the search for SVM parameters. The traditional genetic algorithm is improved by adjusting the crossover probability and mutation probability according to the number of iterations and by integrating distributed computing. Compared with the traditional grid search, the search efficiency is largely improved.

4. Considering the long model training time when SVM deals with high-dimensional, large-sample data sets, this paper proposes a feature selection algorithm that combines random forests and RFE. The algorithm obtains the optimal feature subset from the original feature set, which is then used to train the SVM-based intrusion detection model and to predict unknown samples. Compared with the traditional SVM, the model training time is shortened.

5. The detailed design and coding of each functional module of the improved IDS model is completed. The system is developed mainly on Libsvm and Weka, and each module and the whole system are tested using the KDD CUP99 dataset. The paper then gives the experiment process, the evaluation standard and the experimental conclusion.

The final experimental results show that, compared with the traditional intrusion detection system, the improved SVM-based intrusion detection system put forward in this paper improves the classification accuracy for samples of four categories, optimizes the parameter search and greatly shortens the training time.
Keywords/Search Tags: intrusion detection system, support vector machine, random forest, rfe, feature selection, genetic algorithm