
Research And Implementation Of An Intrusion Detection Model Based On System Call Monitoring

Posted on: 2006-07-20
Degree: Master
Type: Thesis
Country: China
Candidate: T Yu
Full Text: PDF
GTID: 2168360152491560
Subject: Computer application technology
Abstract/Summary:
With the growing security problems of computer networks, network security has become a focus of public concern. The main techniques currently used to address it are encryption, firewalls, secure routing and so on. Although they fulfil the main security functions, they mostly apply static strategies and have certain limitations in defending against intrusions from the network. An intrusion detection system actively examines anomalies in the network, quickly sends out alerts, and makes up for the limitations of the other tools that apply static strategies. By collecting information at important points of a computer network or computer system and analysing it, an intrusion detection system can discover whether there is behaviour that violates the security policy, or evidence of an attack, in the computer system or network. Currently, the source data that intrusion detection systems analyse are system logs or packets from the network, which brings some limitations: (1) they are not real-time: the question is whether to record an intrusion after it has completed, or to discover it and stop it before it is accomplished; (2) the analysis methods pay attention to the form of an intrusion rather than its essence, so intrusion detection systems can be bypassed by new types of intrusion or by carefully designed intrusions.

Firstly, this thesis studies the current state of research and the evolution of intrusion detection systems, and introduces basic knowledge of intrusion detection systems and of data mining. Secondly, it illustrates the method used to realise the project and establishes the model, a host-based intrusion detection system based on data mining.

This model has the following features: (1) it applies two kinds of data mining algorithms, association rules and classification rules; (2) it integrates misuse detection based on classification rules with anomaly detection based on association rules; (3) it uses a greedy algorithm to integrate the rules created by the same kind of data mining algorithm; (4) a system call trace is evaluated statistically. Finally, according to the experiments, the model needs less training time and produces fewer false alarms. The data source used in this thesis is the system call trace. On open-source platforms such as Linux, Unix, SunOS and Solaris, intrusion detection can work in this way: an intrusion can be detected and stopped by monitoring the system call trace. Generally, most intrusions succeed by executing unauthorized system calls. As a result, most intrusions can be detected, and the system protected, by monitoring system calls.
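The following is an added illustration of the anomaly-detection side of the approach described above; it is not the thesis's own code. It assumes a simpler profile than the thesis's association-rule model: normal behaviour is the set of short system-call sequences (sliding windows of length K) seen in training traces, and a new trace is scored statistically by the fraction of its windows that were never seen. All traces and the threshold are constructed for the example.

```python
"""Added example: anomaly detection over system-call traces (not the thesis's code).
Assumption: a profile of length-K sliding windows stands in for the thesis's
association rules; the traces below are constructed, not captured from a host."""
from collections import Counter

K = 3  # window length (assumed)

# Constructed training traces of a small server's normal behaviour.
NORMAL_TRACES = [
    ["open", "read", "write", "close"],
    ["open", "read", "read", "write", "close"],
    ["socket", "bind", "listen", "accept", "read", "write", "close"],
    ["socket", "bind", "listen", "accept", "read", "read", "write", "close"],
]

def windows(trace, k=K):
    """Return every length-k sliding window of a trace as a tuple."""
    return [tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)]

def build_profile(traces, k=K):
    """Profile of normal behaviour: each length-k window with its frequency."""
    profile = Counter()
    for t in traces:
        profile.update(windows(t, k))
    return profile

def anomaly_score(trace, profile, k=K):
    """Fraction of the trace's windows never seen in training (0.0 .. 1.0).
    A trace shorter than k has no windows and scores 0.0 (no evidence)."""
    ws = windows(trace, k)
    if not ws:
        return 0.0
    unseen = sum(1 for w in ws if w not in profile)
    return unseen / len(ws)

def is_anomalous(trace, profile, threshold=0.3, k=K):
    """Alert when the unseen-window fraction exceeds the threshold (assumed 0.3)."""
    return anomaly_score(trace, profile, k) > threshold

if __name__ == "__main__":
    prof = build_profile(NORMAL_TRACES)
    normal = ["socket", "bind", "listen", "accept", "read", "write", "close"]
    # Constructed trace: after accept, the server makes calls never seen in
    # training, the kind of unauthorized call sequence the abstract refers to.
    suspect = ["socket", "bind", "listen", "accept", "read", "setuid", "execve", "exit"]
    for name, t in (("normal", normal), ("suspect", suspect)):
        print(name, round(anomaly_score(t, prof), 2), is_anomalous(t, prof))
```

The misuse-detection half the thesis describes would sit beside this: a classifier over the same windows trained on labelled attack traces, with the two verdicts combined.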
Keywords/Search Tags: Intrusion Detection, System Call, Data Mining