Study On Network Intrusion Detection System Based On Outliers Mining

Posted on: 2006-10-29
Degree: Master
Type: Thesis
Country: China
Candidate: X Y Peng
Full Text: PDF
GTID: 2168360152493724
Subject: Management Science and Engineering

Abstract/Summary:
Today the tide of informatization is sweeping across the globe and the Internet is developing rapidly. Network information is now used in every department of government and society. As people share network information, they find that the problem of information security is becoming more and more serious, and guaranteeing the security of network information has become very important. Passive, static security-defense systems, from the initial access control mechanisms to packet filters and application-layer gateway firewall techniques, can no longer meet the demands of the present security situation. This has driven the birth of the intrusion detection system. It takes the initiative to detect possible intrusion behaviors by checking for abnormal states in network and internal system data, and gives warnings or cuts off the intrusion paths. It therefore remedies the deficiencies of other static defense systems.

The thesis first introduces the theory of outliers mining, which is applied to the intrusion detection system as a new kind of intrusion detection technique. The outliers mining technique is analyzed and researched. Combining the characteristics of the outliers mining technique with the aim of the intrusion detection system, the author proposes a network intrusion detection system based on outliers mining. By using the outliers mining technique to mine outlier data efficiently, the system finds new and unknown intrusion behaviors in a timely manner and thus updates the intrusion rules database. At the same time it carries out real-time intrusion detection with an efficient pattern matching algorithm. As a result the system detects known as well as new and unknown intrusion behaviors efficiently and accurately, and has the intelligent function of automatically constructing and updating the intrusion rules database.

Later, the thesis analyzes in detail and summarizes the current state of development and the existing problems of intrusion detection systems, constructs a model of a network intrusion detection system based on outliers mining, and divides the model into modules according to the functional requirements. It also explains the function that each submodule implements. The thesis also gives a worked example of the algorithm and a thorough study of the data preprocessing process. Finally, using a formalized language, the thesis analyzes and structurally describes every submodule of the intrusion detection system, which lays the foundation for implementing the system. The main innovations of the thesis are that it applies the method of density-based outliers mining to an intrusion detection system for the first time, proposes and constructs the original model of the system, and applies a formalized language to describe the system.

Compared with other intrusion detection systems, the network intrusion detection system based on outliers mining has the intelligent function of automatically constructing and updating the intrusion rules database, and at the same time its real-time detection speed and accuracy are greatly enhanced. It can thus detect known as well as new and unknown network intrusion behaviors efficiently and accurately, improve network security performance and reduce the workload of administrators.
Keywords/Search Tags: Outliers, Outliers mining, Pattern match, Intrusion detection
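The two-stage loop the abstract describes (density-based outlier mining feeding a rule database that a pattern matcher then uses in real time), as an added example that is not code from the thesis. It assumes the Local Outlier Factor as the density-based method, substring matching as the pattern matcher, and a constructed event list with hypothetical feature columns; the abstract specifies none of these.

```python
import math

# Constructed events: (payload pattern, (requests/min, distinct dst ports, mean payload in 100 B)).
EVENTS = [
    ("GET /index.html", (12, 1, 5)),
    ("GET /news", (14, 1, 6)),
    ("GET /img/logo.png", (11, 2, 5)),
    ("POST /login", (13, 1, 7)),
    ("GET /about", (12, 2, 6)),
    ("GET /search", (15, 1, 6)),
    ("constructed-marker-7f", (90, 40, 1)),  # constructed anomalous source
]

def lof_scores(points, k):
    """Local Outlier Factor per point: about 1 inside a cluster, much larger for outliers."""
    nbrs = []
    for i, p in enumerate(points):
        dists = sorted((math.dist(p, q), j) for j, q in enumerate(points) if j != i)
        nbrs.append(dists[:k])                      # k nearest as (distance, index)
    kdist = [n[-1][0] for n in nbrs]                # distance to the k-th neighbour
    lrd = []                                        # local reachability density
    for n in nbrs:
        reach = sum(max(kdist[j], d) for d, j in n) / k
        lrd.append(1.0 / max(reach, 1e-9))          # guard against duplicate points
    return [sum(lrd[j] for _, j in n) / (k * lrd[i]) for i, n in enumerate(nbrs)]

def mine_rules(events, k=3, threshold=2.0):
    """Offline stage: patterns of density outliers become candidate rules."""
    scores = lof_scores([features for _, features in events], k)
    return {pattern for (pattern, _), s in zip(events, scores) if s > threshold}

def match(rules, payload):
    """Real-time stage: substring pattern matching against the rule database."""
    return any(rule in payload for rule in rules)

if __name__ == "__main__":
    rules = mine_rules(EVENTS)
    print(rules, match(rules, "HEAD / constructed-marker-7f"), match(rules, "GET /news"))
```

The features here are left unscaled because the constructed columns have comparable ranges; with real traffic features they would need normalising before distances are computed.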