
Research On IDS Analyzer Based On Data Mining Technology

Posted on: 2006-09-04
Degree: Master
Type: Thesis
Country: China
Candidate: Q Shen
GTID: 2168360152970666
Subject: Computer application technology
Abstract/Summary:
With the rapid development of the Internet, computer networks have become much more important in many areas, such as society, economics, culture, and people's everyday lives. Meanwhile, network security attracts growing concern as people use the network. Because network attack methods are variable, complex and intelligent, static protection methods that rely on firewalls can no longer meet security needs. As an active information security protection method, intrusion detection effectively makes up for the disadvantages of traditional security technologies.
However, facing increasing network traffic, fast-developing network equipment and numerous attack methods, traditional intrusion detection models show their limits in many respects, such as heavy workloads, slow responses, low accuracy and inefficiency. In order to reduce the excessive reliance on expert experience during system construction, and to lessen the difficulties in mining rules and decoding, the paper designs an intrusion detection system model based on data mining technology, through which the system can mine frequent patterns from numerous network events so as to extract effective detection rules that can be used to guide IDS intrusion analysis.
First of all, the paper studies network intrusion detection technology, describes in detail the advantages and disadvantages of misuse detection and anomaly detection respectively, and analyses the implementation methods and characteristics of intrusion detection systems built on different architectures.
Next, in view of the limits of current IDS, such as weak self-adaptation, the high cost of constructing patterns, and poor extensibility, the paper, after in-depth study of association analysis, sequence analysis and classification analysis, integrates the knowledge discovery process with traditional intrusion detection to design an intrusion detection system based on data mining technology. The model consists of a data mining part and an intrusion detection part. The data mining part, whose main function is to construct the collection of knowledge rules from large volumes of data automatically and rapidly, is the key part of the whole model design. Every step in constructing the rule collection is based on the analysis of practical intrusion characteristics. After comparing and choosing the proper algorithm, it generates concise and precise rule collections that supply effective information to the subsequent stages. In the design, methods of data pre-processing are provided, and the mining and comparison of frequent patterns, on which the construction of the feature sets needed by the classifier is based, are also described in detail.
Finally, based on the practical conditions of network data, the paper introduces the limits of key value, reference value and relative support to extend the FPGrowth association rule mining algorithm. This resolves the problem of the basic association algorithm generating many useless patterns, so that more meaningful patterns can be mined and the system's execution efficiency and the accuracy of its rules can be improved.
Keywords/Search Tags: intrusion detection, data mining, association rules, frequent episodes, classification