
Design And Implementation Of NIDS Alarms Anomaly Detection System Model Based On Data Mining Technology

Posted on: 2006-02-01
Degree: Master
Type: Thesis
Country: China
Candidate: K Qian
Full Text: PDF
GTID: 2168360152990294
Subject: Computer software and theory

Abstract/Summary:
As an important component of network security, the Intrusion Detection System (IDS) is being used more and more widely. But the development of IDS has run into new problems; one of the main ones is the growing number of intrusion alarms and the high false positive rate.

Data Mining (DM), an artificial intelligence method that has emerged in recent years, can process large amounts of audit data intelligently and mine useful knowledge from it.

To reduce intrusion alarms and lower the false positive rate, this dissertation investigates how to analyze intrusion detection alarms by means of data mining technology. Its main contributions are as follows:

(1) The dissertation studies the adverse effects of large numbers of repeated alarms and false positives, and the main reasons they arise.

(2) The dissertation studies the relevant data mining techniques and, given their advantage in mining useful knowledge from large amounts of data, analyzes how to apply data mining technology to intrusion alarm compaction.

(3) The dissertation designs and implements a NIDS alarm anomaly detection system model based on data mining technology and tests the model using alarm data produced by Snort. The experimental results show that the system can effectively reduce intrusion alarms and decrease false positives.
Keywords/Search Tags: IDS, Data mining, Intrusion alarms, False positive, Anomaly detection