| Intrusion Detection, which tries to detect attempts to penetrate into a system is now an important fort to protect computer systems.There are many techniques applied in the construction of intrusion detection systems. Of them, data mining is an efficient one to construct an intrusion detection system systematically and automatically, avoiding of manual and ad hoc means.However, current data mining algorithm can't completely adapt to the particular requirements in intrusion detection fields.Rule induction algorithm, a mining algorithm widely used in intrusion detection fields, is researched in this thesis. By applying RIPPER algorithm to a great lot data sets in intrusion detection fields, we found that the inductive ability of this traditional classification algorithm could be greatly damaged by the lack of negative examples in training data sets. Given the prevalence of lack of negative examples (which cover some intrusion types) in the auditdata we can offer, this limitation was almost lethal. Based on RIPPER, some modification was proposed to adapt the intrusion detection environment, resulting in the multi-greedy and coupling (MGC) rule induction learning algorithm.Tests on a few man-made and real data sets showed that, without greatly affecting its computational efficiency, the new algorithm have better generalization performance over RIPPER algorithm on data sets lack of negative examples.
|
PDF Full Text Request