Research And Application On Data Mining In Intrusion Detection System

The openness of Internet offers great convenience of information sharing and exchange, accompanied with crucial challenges to Information Security. Security issues have evolved into the key problem of information systems.As a kind of active measure of Information Assurance, Intrusion Detection System (IDS) acts as the effective complement to traditional protection techniques. The dynamic security circle, including policy, protection, detection and response, can greatly contribute to improving the assurance ability of information systems and reducing the extent of security threats.With the development of computer and network technologies, the popularization of numerous storage and wide-band transportation. IDS should be face with more and more data. It spends much time to analyze these data. Now there are all kinds of intrusion means. It's difficult to detect complicate and unknown intrusion means by the traditional rule matching. So we need use a strongly data analyzing-tool-the Data Mining technology to solve these problems. We use this technology to deal with those numerous, incomplete, noisy, fuzzy and random data which IDS has to face with, discover the latency relations that these data have, send these relations to IDS for the second dealing.This paper study IDS and Data Mining technology. Through using this technology into IDS to deal with the numerous data, we can improve the detect-ability of the whole IDS, and reduce its fake alert and error alert. My main work is listed as follow:1. By studying and analyzing the flaws of traditional IDS, we can know that we should deal with numerous data to solve these flaws. The Data Mining technology is exactly a strongly data-dealing tool. So it is necessary to use the Data Mining technology into IDS.2. Comparing the algorithms of Data Mining and thinking over the applied environment-IDS, we think the Apriori algorithm of association rule is suitable for IDS.3. By analyzing the existent flaws which the Apriori algorithm using into IDS has, We improve on these flaws with examples to prove the improvement is effective.4. Designing a IDS model based on the improved Apriori algorithm.The research of IDS based on the Data Mining is a very active field. Finally We present several future directions of improvement and research in our work.