Study On The Intrusion Detection System Based On Data Mining

Posted on: 2006-12-04
Degree: Master
Type: Thesis
Country: China
Candidate: W Liu
GTID: 2168360155459991
Subject: Computer application technology

Abstract/Summary:
It is very difficult to keep a system safe using only static safeguards such as firewalls. An active defense technology, the IDS (Intrusion Detection System), compensates for the defects of traditional defenses. However, in the face of rapidly changing network configurations and the many new attack methods, existing IDSs have some limitations: poor adaptability and an inability to detect novel attacks; high intrusion detection (ID) modeling cost and slow updating speed; and a lack of extensibility. The purpose of data mining is to extract implicit, unknown, uncommon and potentially valuable information and patterns from large databases or data warehouses, a goal it has in common with intrusion detection systems.

This paper adopts data mining methods in IDS. We choose two related DM methods, Association Analysis (used to mine inter-audit record patterns for inducing rules) and Frequent Sequential Episode Analysis (used to mine intra-audit record patterns for inducing rules), and improve them. The rules mined from audit records can be used to form the rule databases (normal behavior databases and intrusion behavior databases) of an IDS. The rule databases can be built and updated automatically, and the handwork and guesswork involved in this process can be greatly reduced. Finally, we design an adaptive intrusion detection model based on data mining according to CIDF (Common Intrusion Detection Framework).
Keywords/Search Tags: Intrusion Detection System, Data Mining, Association Rules, Frequent Episode Rules, CIDF