Current host-based intrusion detection systems fail to detect some intrusions because their misuse detection models are encoded by experts, and such systems are difficult to upgrade. This paper presents a new structure for host-based intrusion detection. The structure uses data mining algorithms, combines misuse detection with anomaly detection, and can be used with different data sources. We also provide a data transformation method so that the data format is suitable for data mining. Finally, we use PowerBuilder to implement a complete host log detection system on Win2000/NT. Test results show that the detection rate of the system is up to 90%, which shows that the system structure and the data mining algorithms are correct. The work has certain reference value for further research on host-based intrusion detection systems.