The paper applies data mining to intrusion detection,and analyzes respectively the application of clustering analysis and association rules analysis in intrusion detection.We improve the K-means clustering arithmetic and prove that the improved clustering arithmetic can advance the detection rate through the detection of the KDD cup 99 data.The paper also presents the detection method of combining clustering analysis with association rules and the model of intrusion detection based on this method.First mine the relation of symbol attribute from the known training data through Apriori association rules arithmetic,and establish normal model and abnormal model respectively,then patition the clustering result again according to the model,so that it can reach the better result.Finally the detection of  KDD cup 99 data indicate that this detection model can detect the DoS attack and the Probing attack in a high detection rate and a low wrong detection rate,so it can resolve the contradiction of detection rate and wrong detection rate effectively.
|