Intrusion Detection is an effective approach to dealing with the problem of network security. One of the research emphases in the field of intrusion detection is How to analyse the received data to build a intrusion detection model with effectiveness ^ adaptability and extensibility. In this paper, we study focus on building intrusion detection model based the technique of data mining(DM).Firstly, the paper designed a scheme to modeling intrusion detection based DM and bright forward the idea of descriptive model and classified model to intrusion detection. Secondly, we designed and implemented a net data collection system with high performance and a scheme to pretreat net data. Thirdly, after studying the algorithms to mine association rule and sequence rule in net data, we extended and improved the algorithms according to the characteristic of net data and the field knowledge of intrusion detection. Using the extended algorithms, we mined association pattern and sequence pattern from net data as descriptive model of intrusion detection. Finally, how to using the descriptive pattern was studied, and designed the intrusion detection engine based pattern matching which have the function of misuse and anomaly detection.
|