Study On Data Mining Based Network Intrusion Detection System

Posted on: 2007-08-25
Degree: Master
Type: Thesis
Country: China
Candidate: C Xu
GTID: 2178360182495433
Subject: Cryptography
Abstract/Summary:
As an active information security technology, intrusion detection supports real-time protection of computer systems against external intrusions, internal intrusions and erroneous operations, intercepting and responding before the network system is jeopardized. Most current network intrusion detection systems use a pattern database of well-known attacks to identify known intrusions in network data. These pattern-matching methods perform well in detecting known attacks, but they do not work well when unknown attacks or variations of known attacks appear. Anomaly detection methods that use data mining to analyze network data on the basis of generated normal patterns will improve the performance of an intrusion detection system. Drawing on research in intrusion detection systems and data mining technology, this paper discusses the application of data mining in intrusion detection systems.

The chief points of this paper are summarized as follows. Firstly, the dynamic rule-adjusting algorithms in Snort are analyzed. Secondly, some methods to improve the algorithms are discussed and experimental results are obtained. Thirdly, an anomaly detection model using an association rule mining algorithm is put forward, and improvements to the Apriori algorithm are pointed out. Fourthly, the advantage of the new algorithm and the feasibility of this model are demonstrated. Lastly, a framework for a distributed intrusion detection system based on data mining is designed, in which distributed cooperation concepts and multiple detection methods are adopted in order to guarantee the accuracy and completeness of the detection system.
Keywords/Search Tags: data mining, intrusion detection, association rules, distributed structure