As an important security inspection approach, an Intrusion Detection System (IDS) helps protect a computer system against external and internal intrusion. Because of the difficulty of handling large amounts of data, existing intrusion detection systems have high distortion ratios and poor real-time capabilities. The advantage of data mining (DM) lies in finding patterns and features in large volumes of data. This paper presents a distributed IDS model based on DM. First, the basic idea of the model is introduced, and its structure and main functions are described. Through data mining, significant features, new patterns and interesting rules can be automatically extracted from large volumes of data. Then the paper discusses the application of meta-learning in the distributed structure. Each host computer in the network detects intrusions and periodically exchanges the detected intrusion information. As each host computer learns patterns and features from its local data, it can also learn global knowledge by communicating with the other hosts. Thus, using meta-learning, we can construct succinct and accurate classifiers to detect intrusions.