
The Research And Application Of Intrusion Detection System On Data Mining

Posted on: 2013-11-29
Degree: Master
Type: Thesis
Country: China
Candidate: F J Guo
Full Text: PDF
GTID: 2268330425459798
Subject: Software engineering
Abstract/Summary:
With the rapid development of computer and communication technology and the wide application of the Internet, network security has become a focus of national attention and a problem affecting national security and social stability. There are many ways to address network security. The Intrusion Detection System (IDS) is one of the technologies for improving it. It detects violations of security policy or intrusion attacks by collecting and analyzing information from key points in the system. It is a dynamic security technology that can detect, raise alarms on, and respond to events on the network.

The function of an intrusion detection system is to detect and recognize intrusion events. In essence, it classifies the data in the network. The given audit data consist of normal data and abnormal data, and intrusion detection means detecting the abnormal data. Intrusion detection strategies and models differ according to the type of intrusion. An IDS can not only monitor the system's hosts and applications while they are running, but also identify and respond to intrusions, and provide real-time detection of internal attacks, external attacks and misuse. These features make the IDS an important security tool.

Because current intrusion detection systems have low detection accuracy and a high false positive rate, this paper applies data mining techniques to intrusion detection to make the IDS intelligent. The main idea is to use cluster analysis and association rule algorithms from data mining to extract characteristics of network behavior. Based on these characteristics, the intrusion detection model is generated, and then association rules are generated, which respond to security events automatically.

This paper first introduces the architecture and technology research of intrusion detection, then describes the functions and commonly used techniques of data mining. It then discusses the cluster analysis and association rule algorithms of an IDS based on data mining. The K-means clustering algorithm and the Apriori association rule algorithm are introduced into intrusion detection. Based on an analysis of these algorithms, an improved K-means algorithm and an improved Apriori algorithm based on FP-growth are proposed. Both algorithms are tested on the classic KDD CUP 99 data set, yielding the detection rate and false alarm rate of each. The algorithms are then used to test the new intrusion detection system. The experimental results show that the new system improves the accuracy of intrusion detection and reduces the false positive rate.
Keywords/Search Tags: Data Mining, Intrusion Detection, k-means improved algorithm