
Research Of Mining Algorithms Of Frequent Patterns And Their Applications In Intrusion Detection

Posted on: 2005-12-09 | Degree: Doctor | Type: Dissertation
Country: China | Candidate: Y L Ruan | Full Text: PDF
GTID: 1118360152469126 | Subject: Computer software and theory
Abstract/Summary:
With the development of network and other information technology, security is the most critical problem for network systems. Thus, the Intrusion Detection System (IDS) has become a key way and technology of protecting network systems. Current IDSs cannot detect new or unknown attacks, and their accuracy and response do not meet application requirements. Frequent pattern mining is a fundamental and important problem in data mining, and it can detect not only normal behavior but also abnormal behavior. So, applying frequent patterns to IDS can detect both known and unknown intrusions, with more accuracy and compatibility than manual approaches. Thus, this paper focuses on research into efficient frequent pattern mining algorithms, parallel algorithms, and detection methods based on frequent pattern mining, which has important theoretical meaning and practical value for improving the accuracy and efficiency of IDS.

To address the problems of data scans and of difficult adjustment and updating, this paper presents a novel mining algorithm, PT-Mine, and an updating algorithm, UPT-Mine. PT-Mine designs a Prefix Tree to store data in a highly compact form, and mines frequent patterns in depth-first order directly in the Prefix Tree by adjusting node information and node links, without using any additional data structures. Thus, it not only saves space but also greatly improves the performance and scalability of IDS. UPT-Mine designs a Trans-Tree that is easy to update and change, and needs only one scan of the new data without scanning the existing data.

Maximum frequent patterns can describe the normal and abnormal models because they comprise all frequent patterns. With changes in network circumstances and the emergence of new attacks, the intrusion detection model should be updated and improved continually. Thus, mining and updating maximum frequent patterns is very important for improving the accuracy and scalability of IDS. In this paper, a fast mining algorithm, DMFP, based on the Prefix Tree is proposed, which mines frequent patterns without creating candidates or conditional pattern trees. Thus, it improves performance greatly. Then, an incremental updating algorithm, IUMFP, and an updating algorithm, UMFP, are proposed. Both of them make use of the previous mining results to cut down the cost of finding new maximal frequent patterns in an updated database.

In order to deal with the high dimension, huge volume and distributed environment of intrusion data, parallel mining is a practical way to improve the efficiency of IDS. In this paper, a parallel mining algorithm, PMFP, for distributed databases is proposed. PMFP attempts to make each processor work independently and to decrease the number of candidate global frequent patterns according to the relation between local frequent patterns and global frequent patterns. Therefore, PMFP uses far less communication overhead and fewer synchronization steps, and improves the efficiency of mining. Moreover, mining the candidate global frequent patterns only searches the corresponding paths in the Trans-Tree, without traversing old data.

For unbalanced workloads, this paper presents a Task Duplication based Balance Scheduling (TDBS) algorithm. By considering workloads and some idle time slots of used processors, TDBS tries to assign tasks to scheduled processors and maximize their utilization. Therefore, the TDBS algorithm is a viable option for improving the performance of PMFP.

Because the user behavior features extracted by current IDSs cannot reflect real circumstances, the normal and abnormal models are not accurate. Thus, misuse and leakage warnings may occur easily, causing much loss in the network system. The paper presents an intrusion detection method based on frequent pattern mining. At first, the method constructs the user normal model and abnormal model by mining training data sets. Then, it mines and marks the real data in a sliding window. The method can distinguish normal and abnormal behavior rapidly, and updates and improves the IDS model in a timely manner. So, the accuracy and relia...
Keywords/Search Tags: Intrusion Detection, Data Mining, Frequent Pattern, Maximal Frequent Pattern, Prefix Tree