
The Research Of Intelligent Network Intrusion Detection System

Posted on: 2005-08-10
Degree: Master
Type: Thesis
Country: China
Candidate: G Liu
GTID: 2168360125457783
Subject: Control theory and control engineering
Abstract/Summary:
With the continuous development of computer networks, more and more enterprises and governments conduct their business on intranets and the Internet, and network security has become a serious problem. Traditionally, users adopt a firewall as their first line of defence. But as crackers mature and the means of attack multiply, a pure firewall strategy can no longer satisfy the requirements. At the same time, the network environment is becoming more and more complicated, and all kinds of complicated equipment need continuous upgrading and patching. All of this adds to the workload of network administrators, and a little negligence can result in great loss. In these circumstances, the IDS (Intrusion Detection System) has become the new hotspot in the security market. It is attracting more and more attention and is beginning to play a key role in various environments.

This thesis first analyzes the causes of the security problems of the Internet and the advantages and disadvantages of the popular network security technologies. Because of its essential role in network security, intrusion detection is becoming more important. The advantages and disadvantages of misuse detection and anomaly detection are analyzed in turn, and the cost and security performance of intrusion detection under various architectures are also discussed. To solve the problems existing in traditional intrusion detection systems, this thesis puts forward an intelligent network intrusion detection system model based on data mining. The basic theory of the model is introduced, and its structure and main functions are analyzed. The model is an open system with good scalability and adaptability; it can reduce the cost of deploying an intrusion detection system and solve the problem of environment adaptability, and its efficiency is demonstrated. Finally, an implementation case of this system is given.

This thesis is divided into six chapters. Chapter 1 is an introduction, which mainly presents the background of the thesis. Chapter 2 discusses intrusion detection technology, including its structure, detection techniques and development, and points out the existing problems in current intrusion detection systems. The next chapter introduces data mining technology: we first introduce the concept and process of data mining, then discuss the necessity and feasibility of adopting it in an intrusion detection system. Chapter 4 applies data mining to the intrusion detection system. We first introduce some popular data mining algorithms, discussing the Apriori algorithm in particular, and then discuss the algorithms that extract intrusion detection rules from the training data. The key chapter designs an intelligent network intrusion detection system based on data mining. We first introduce the relevant background on the Common Intrusion Detection Framework (CIDF), then use the Snort 2.0 intrusion detection system as the basic tool to design an intelligent network intrusion detection system on the Linux platform. At the end of the thesis, we point out the deficiencies of the intrusion detection model and the future work.
Keywords/Search Tags: Intrusion detection system, Data mining, Common intrusion detection framework, Association rules