Application Of Data Mining In Intrusion Detection System

Posted on: 2011-01-18
Degree: Master
Type: Thesis
Country: China
Candidate: F Y Jia
Full Text: PDF
GTID: 2178330332981980
Subject: Computer application technology
Abstract/Summary:
Science and technology develop ever faster as time moves on. The 19th century witnessed the prosperity of railway transportation, and the 20th century, which has only just ended, saw the flourishing of informatization. We are now entering the age of the network. The spread of computers brought about by the development of science and technology, together with the rapid expansion of networks, has put network security in the spotlight of public attention. According to statistics, the economic losses resulting from network security problems amount to billions and even tens of billions every year in countries such as America, Germany and Britain.

At present, people maintain network security by relying on firewall technology, user identification, data encryption and virus removal. However, these methods have great limitations. First, they are all static defense technologies, which cannot update and change in time as the environment changes but depend on deliberate configuration and modification. Furthermore, defenses such as firewalls cannot detect attacks from inside the network. A network intrusion detection system (NIDS), by contrast, is a proactive defense. Its introduction into network security maintenance is a great complement to static defenses such as firewalls, because it can detect external and internal attacks as well as misoperation in real time, so that interception and response can be carried out in a timely manner.

Meanwhile, the rapid development of network technology and the accelerating expansion of network resources have led to fast growth in the data transmitted online, which places higher demands on the means of maintaining network security. In the face of enormous volumes of data, the flaws of IDS, namely poor self-adaptation and slow adjustment when applications change, are fully exposed. With so much data, data overload occurs frequently, and false alarms and missed detections are becoming critical. Network security will be endangered if detection efficiency cannot be improved, which makes the improvement of intrusion detection systems extremely urgent.

The introduction of data mining techniques contributes a great deal to the improvement of IDS and plays an important role in resolving network security issues. To a large extent, the defects of IDS are revealed by the enormous growth of network data, which makes detection extremely hard and makes it impossible to find the hidden valid data within a given period of time. Data mining can address this by removing incomplete, noisy and ambiguous data from enormous, complicated data sets so that implicit and valuable data can be found and put to use. It can safely be said that data mining makes up for many of the disadvantages of NIDS; however, data mining itself also has many defects, mainly in its algorithms.

The weaknesses of many data mining algorithms include high complexity and inaccurate mining results, which need further improvement. This paper aims to improve one clustering algorithm used in data mining. K-means, a classic clustering algorithm, is widely used, but it has some defects, one of which is the determination of the K value. Determining K in the K-means clustering algorithm is very important because it directly influences the clustering result. However, K cannot always be determined correctly, owing to intrinsic defects of the algorithm and a lack of depth in existing research. This paper discusses an algorithm for determining the K value: the method determines K by defining the between-class dissimilarity and the within-class similarity. This part is the author's original contribution and is shown through testing to be a useful improvement.

In addition, the model of an IDS undoubtedly has a great influence on its function. This paper weighs the merits and demerits of the misuse intrusion detection model and the anomaly intrusion detection model and makes them complement each other. The model is also reworked and studied theoretically, so that a hybrid IDS model is constructed and its theory and structure are proposed. This is also an original contribution of this paper.

The application of data mining in IDS is a hot topic in China, and intensive study of it has been done at home and abroad. But it is far from mature and needs further research. Because of the limits of paper length and experimental environment, the demonstration in this paper may seem simple. Moreover, the improvements to the algorithm and the model remain to be further investigated.
Keywords/Search Tags: network security, intrusion detection, data mining, K-means clustering algorithm