
Data Mining-based Intrusion Detection System

Posted on: 2003-01-16 | Degree: Master | Type: Thesis
Country: China | Candidate: Q Wu | Full Text: PDF
GTID: 2168360062975083 | Subject: Circuits and Systems
Abstract/Summary:
With the development of the Internet, information secrecy and network security are becoming more and more important. As the second safeguard behind the firewall, the intrusion detection system (IDS) is an important component of a security system and can be used to detect all kinds of intrusion behaviors. Based on the theories of data mining and intrusion detection, this paper presents a data mining-based IDS model, with emphasis on analyzing host logs and network data streams using the data mining algorithms of cluster analysis and association rules. On the basis of experimental results from several different algorithms applied to the data, the improved k-means algorithm and the Apriori algorithm are used to implement the data analysis and real-time functions of the IDS, in accordance with the features of intrusion data, such as the large amount of data, the large number of attributes, and the high real-time requirements. In the experiments, the simulation data set is divided into two groups: the training set and the intrusion experiment set. First, cluster analysis on the training set yields the centers of the intrusion samples. Second, an intrusion model is produced using the association rules algorithm. Last, according to the model, an intrusion detection experiment is carried out on the experiment data set to simulate real network intrusion. The experimental results indicate that the problems of the huge amount of data and of real-time operation are well solved by applying intelligent data mining technology, and that the IDS model is extendable by establishing an intrusion model database.
Keywords/Search Tags: Data Mining, Intrusion Detection, Cluster Analysis, Association Rules