
Research Of The Network Intrusion Detection Model Based On Data Mining

Posted on: 2012-05-14
Degree: Master
Type: Thesis
Country: China
Candidate: D D Jiang
GTID: 2218330344950955
Subject: Computer application technology
Abstract/Summary:
Network technology is changing rapidly and networks are now used in nearly every field, so network security has become a major focus. Responding quickly and effectively to an endless stream of attacks, and protecting network systems and resources, matters more than ever. As an active defense technology that supplements passive defense systems, the intrusion detection system (IDS) is an important part of the network security system.

Traditional intrusion detection systems struggle to label and analyze massive volumes of raw data. Building on research at home and abroad, this paper presents a method that combines the k-means algorithm with clustering-based unsupervised intrusion detection (CBUID), bringing together data mining and anomaly detection to establish a new detection model. In the new model, the data are reclustered using new cluster centers calculated as averages; once the clustering results are obtained, the scope of anomalous clusters is set according to the abnormal factor and used to detect intrusions. This can improve the detection rate and reduce the false detection rate.

The main research topics of the paper are as follows.

First, it sets out the basic concepts and principles of intrusion detection systems and data mining technology, and discusses the feasibility, advantages and disadvantages of applying data mining to intrusion detection.

Second, following the CIDF system specification for IDS, it designs the framework of an intrusion detection system based on data mining. The design idea is to build the anomaly detector by combining the k-means algorithm with clustering-based unsupervised intrusion detection (CBUID). The system is divided into five parts: the network data capture module, the data preprocessing module, the test analysis module, the memory module and the console module. The paper introduces the combined k-means and CBUID method used in the detector and the standardization applied to the original data. It analyzes the impact of the abnormal factor on the detection rate and false positive rate of the intrusion detection system, and describes how to determine the abnormal factor, similarity, the k-means clustering algorithm, the cluster radius, the distance between clusters and other major parameters.

Third, it implements the intrusion detection model based on data mining. The system was tested on the KDD CUP 1999 data set; the experimental results show that the improved system meets its intended goals and gives very good test results.

Fourth, the paper summarizes the research as a whole and analyzes the problems that remain to be solved.
Keywords/Search Tags:Intrusion Detection, Intrusion Detection System, Data Mining, k-means, CBUID
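
The pipeline the abstract outlines (standardize the records, recluster with k-means using mean centers, then mark a scope of anomalous clusters by abnormal factor) can be sketched as follows. This is an added illustration, not code from the thesis. Assumptions: the abnormal factor of a cluster is taken to be the size-weighted sum of its center's distances to the other cluster centers, the scope is the share `eps` of records allowed to be anomalous, and the two features, the seed indices and the records are constructed for the example.

```python
import math

def standardize(rows):
    """Z-score every feature column so no single feature dominates the distance."""
    cols = list(zip(*rows))
    mu = [sum(c) / len(c) for c in cols]
    sd = [math.sqrt(sum((x - m) ** 2 for x in c) / len(c)) or 1.0 for c, m in zip(cols, mu)]
    return [[(x - m) / s for x, m, s in zip(r, mu, sd)] for r in rows]

def kmeans(points, centers, iters=50):
    """Assign each record to its nearest center, then recompute centers as cluster means."""
    for _ in range(iters):
        labels = [min(range(len(centers)), key=lambda j: math.dist(p, centers[j])) for p in points]
        new = []
        for j, old in enumerate(centers):
            members = [p for p, l in zip(points, labels) if l == j]
            new.append([sum(v) / len(members) for v in zip(*members)] if members else old)
        if new == centers:  # converged: the means no longer move
            break
        centers = new
    return labels, centers

def abnormal_factors(labels, centers):
    """Assumed definition: OF(Ci) = sum over j != i of |Cj| * dist(center_i, center_j)."""
    sizes = [labels.count(j) for j in range(len(centers))]
    return [sum(sizes[j] * math.dist(ci, cj) for j, cj in enumerate(centers) if j != i)
            for i, ci in enumerate(centers)]

def anomalous_clusters(labels, centers, eps):
    """Flag clusters in descending factor order until they hold eps of all records."""
    factors = abnormal_factors(labels, centers)
    flagged, covered = set(), 0
    for j in sorted(range(len(centers)), key=lambda j: -factors[j]):
        if covered >= eps * len(labels):
            break
        flagged.add(j)
        covered += labels.count(j)
    return flagged

# Constructed records: (connections to the same host in 2 s, SYN error rate)
RECORDS = ([(1, 0.0), (2, 0.0), (3, 0.01), (2, 0.02), (1, 0.0), (3, 0.0), (2, 0.01), (2, 0.0)]
           + [(38, 0.0), (40, 0.02), (42, 0.05), (39, 0.0), (41, 0.01), (88, 1.0), (92, 0.98)])

def detect(records, seeds, eps):
    """Return one boolean per record: True if it falls in an anomalous cluster."""
    pts = standardize(records)
    labels, centers = kmeans(pts, [pts[i] for i in seeds])
    bad = anomalous_clusters(labels, centers, eps)
    return [l in bad for l in labels]
```

With `seeds=(0, 8, 13)` and `eps=0.1` only the two high-error records are flagged; raising `eps` to 0.3 also flags the busy but benign cluster, which is the trade-off between detection rate and false positive rate that the choice of anomalous scope controls.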