Researching And Implementation Of Detection Plug-in On Snort

Posted on: 2006-05-08
Degree: Master
Type: Thesis
Country: China
Candidate: Q Li
GTID: 2168360152487234
Subject: Computer software and applications
Abstract/Summary:
Intrusion detection is a technology of information discrimination and detection that aims to discover and identify intrusion behaviors. Snort is a lightweight intrusion detection tool with a flexible plug-in management mechanism, which allows users to plug in their own detection modules for special applications.

From a data-driven point of view, an intrusion detection system is a process of data analysis. In related research fields, e.g., fraud detection and fault management, data mining methods have achieved considerable success. The application of data mining to intrusion detection is now receiving more and more attention.

Based on an existing frequent pattern mining algorithm, this paper first proposes the idea of a frequent-itemsets table. Applying this effective frequent pattern mining algorithm to a NIDS makes it possible to detect connections that match no known signature. Then, based on association analysis of the system call sequences of the sendmail process and on the classification of a database of normal and abnormal behavior sequences, an effective frequent pattern mining algorithm is applied to discover the typical patterns of system call sequences, in the form of association rules, that discriminate normal from abnormal processes. Furthermore, classification rules are obtained to detect intrusion attempts or intrusion behavior in the system process.
Keywords/Search Tags:Intrusion Detection, Snort, Data Mining, Frequent-mode-tree, frequent-itemset, DOS, sendmail