Study Of Data Mining Based Intrusion Detection System

Posted on: 2005-09-12
Degree: Master
Type: Thesis
Country: China
Candidate: H S Chen
GTID: 2168360122490451
Subject: Communication and Information System

Abstract/Summary:
With the rapid development of the Internet, computer networks play an increasingly important role in society, the economy, culture, and people's lives. As people use computer networks, they have also become aware of the importance of network security, so it is urgent to study how to detect intrusions in computer networks precisely and rapidly.

Among intrusion detection technologies, data mining based intrusion detection has good prospects. It applies data mining to intrusion detection, which improves the intelligence, accuracy and extensibility of an intrusion detection system. In this paper, a typical data mining based intrusion detection system is studied and some improvements are put forward. The author's main work is as follows:

(1) The paper analyzes a typical data mining based intrusion detection system, MADAMID, with emphasis on the system's framework, its theory, and how data mining is used in intrusion detection.

(2) Research is done on association rule mining, an important class of data mining algorithm. Apriori, which is used in MADAMID, is compared with three other high-performance association rule mining algorithms. The most efficient of the four popular association rule mining algorithms is chosen through comparison and analysis. The chosen algorithm outperforms the one previously used in the MADAMID system.

(3) Research is done on DDoS and worm intrusions, and a fast detection and reaction approach is put forward.

(4) Agent technology is introduced into the MADAMID system, and a new system model, the area based intrusion detection system (ABID), is put forward. The characteristics of the ABID model are as follows:
    (a) The concept of an area is used, which combines host based intrusion detection with network based intrusion detection and so improves the system's accuracy.
    (b) A distributed framework is used. The intrusion detection agent modules in an area are independent, which improves processing speed and the system's security.
    (c) A hierarchy is adopted, which improves the system's extensibility.

(5) The FP_Growth algorithm is used to achieve anomaly detection. The data source is the shell commands in Telnet session records. The data is mined with the FP_Growth algorithm to build a model of the user's historical activity and a model of the user's current activity, and the two models are compared to achieve anomaly detection.

The research in the paper has definite theoretical and practical value in the field of intrusion detection, and it is a useful reference for designing intrusion detection systems.
Keywords/Search Tags:intrusion detection, data mining, association rule mining, agent, security
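
The approach in item (5), as an added example that is not code from the thesis: frequent command sets are mined from sliding windows of shell commands to build a history model and a current model, which are then compared. A pattern-growth miner over projected databases stands in for FP_Growth's FP-tree; the window size, support threshold, scoring rule, function names and sample sessions are assumptions.

```python
from collections import Counter

def windows(commands, size=3):
    """Turn one session's command sequence into transactions (sliding windows)."""
    return [set(commands[i:i + size]) for i in range(len(commands) - size + 1)]

def frequent_itemsets(transactions, min_support):
    """Pattern growth over projected databases (no FP-tree compression)."""
    total = len(transactions)
    found = {}

    def grow(prefix, db):
        counts = Counter(item for t in db for item in t)
        for item in sorted(counts):
            if counts[item] >= min_support * total:
                itemset = prefix + (item,)
                found[frozenset(itemset)] = counts[item] / total
                # Keep transactions containing `item`, restricted to later
                # items, so every itemset is generated exactly once.
                grow(itemset, [[i for i in t if i > item] for t in db if item in t])

    grow((), [sorted(t) for t in transactions])
    return found

def build_model(sessions, min_support=0.3):
    """Activity model: frequent command sets and their support."""
    transactions = [w for s in sessions for w in windows(s)]
    return frequent_itemsets(transactions, min_support)

def anomaly_score(history_model, current_model):
    """Fraction of current frequent patterns absent from the history model."""
    if not current_model:
        return 0.0
    return sum(p not in history_model for p in current_model) / len(current_model)

# Constructed sample sessions (not data from the thesis).
HISTORY = [["cd", "ls", "vi", "make", "ls", "vi", "make"],
           ["cd", "ls", "vi", "make", "vi", "make", "ls"],
           ["ls", "cd", "vi", "make", "vi", "make"]]
NORMAL = ["ls", "vi", "make", "vi", "make", "ls"]
UNUSUAL = ["ls", "ps", "netstat", "find", "tar", "scp"]

if __name__ == "__main__":
    history = build_model(HISTORY)
    for name, session in (("normal", NORMAL), ("unusual", UNUSUAL)):
        print(name, anomaly_score(history, build_model([session])))
```

In practice the score would be compared against a threshold tuned per user, since a legitimate change of task also produces unseen patterns.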