Research On Application Of Association Rule Mining In Intrusion Detection System

With the rapid development and wide spread of Internet, Internet has played a more and more important role in the field of social politics, economy, culture, military affairs and other social field. At the same time, on the global range, it becomes a more and more serious problem which needs to be paid more attention that the attacks on computers and network infrastructure. Especially, the web sites of governments which become popular targets are attacked by hackers. Therefore, a perfect method to protect our systems needs to be found, intrusion detection is the one which we find to protect our systems.Although intrusion detection techniques and technology has been researched for more than 20 years, intrusion detection systems are still in a very preliminary stage at present. Most commercial products use the method that is similar to the hardware encoding mechanism of anti-virus software, moreover only the known types of attacks can be detected by the intrusion detection systems which are powerless to the new types of attacks. In order to give a solution to the disadvantage of the traditional intrusion detection systems, the intrusion detection technology and data mining technology are studied on this thesis. According to the characteristics of network audit data, the thesis presents a novel approach to detecting intrusion. This approach, on the one hand, extends the FP-Growth algorithm by adopting the idea of divide and rule, which divides frequent itemsets mining into a series of block sliding windows to reduce the search space of mining frequent itemsets and enhances the efficiency of mining frequent itemsets. On the other hand, the proposed approach limits the generation of the unwanted frequent items through axis attributes and reference attributes, which can enhance the quality of extracting association rules, therefore can increase accuracy of modeling the intrusion pattern by applying association rules mining. And, the thesis constructs intrusion detection model based the proposed approach and a solution that applies the proposed intrusion detection model into Snort system based misuse detection technique so that Snort system can detect intrusion behaviors through misuse detection technique and abnormal detection technique.Finally, the experiment shows how the selection of different parameters of the proposed approach affects the effectiveness and efficiency of intrusion detection. And the experiment also shows that the efficiency of the proposed approach is superior to FP-Growth algorithm in mining frequent itemsets.