
Research On The Method Of Network Intrusion Detection Based On Data Mining

Posted on: 2006-01-10
Degree: Master
Type: Thesis
Country: China
Candidate: S L Di
GTID: 2168360155961247
Subject: Computer application technology

Abstract/Summary:
An Intrusion Detection System (IDS) moves network information security from passive to active. An IDS thus provides local network security not only on the inside but also on the outside. Owing to the complexity of computer systems and the great volume of network audit data, it is difficult to audit data from the network. With the development of data mining and machine learning theory, an IDS model can be derived from the audit data. The thesis focuses on analyzing the audit data using data mining technology and deriving an IDS model.

In Chapter 2, the volume of network audit data is large, and the audit data contains a great deal of redundancy. Producing training data is costly and difficult to achieve. To solve this problem, a new method is introduced: rough-set-based reduction is combined with naive Bayes. Rough-set-based reduction has a firm mathematical basis. The reduction does not require background knowledge and meets the standards of data mining. In fact, independence of the features must be achieved before naive Bayes is used.

In Chapter 3, Bayes networks are used in IDS. Naive Bayes is a very simple form of Bayes network and is particularly efficient for inference tasks, but it is based on a very strong independence assumption. The chapter offers an experimental study of the use of naive Bayes in intrusion detection. The experiments show that this simple structure provides very competitive results compared with one well-known machine learning technique, the decision tree. Moreover, we introduce Bayes classification based on minimum risk into IDS. The experiment shows good results. All experiments are done on the KDD'99 intrusion data sets, reduced using rough sets.

In Chapter 4, an improved method for anomaly intrusion detection is put forward. The normal pattern is based on normal system calls. The structure is a weight tree based on naming distance. During intrusion detection, the system call sequence is scanned using the normal weight tree to obtain the corresponding weight sequence, on which the decision of whether it is normal or abnormal is made. At the same time, attention is paid to making good use of experience and updating experience. Balancing the cost of features against the risk is the other piece of work. The method can not only detect new intrusions but also work in a real live network environment.

The main work and features of the thesis are as follows:

1. Rough set theory is used to reduce the features in a large data set. It thus produces a feature set with perfect independence, the assumption on which naive Bayes is based.
2. Bayes theory is used in misuse intrusion detection. The learning correctness and time efficiency can meet the needs of intrusion detection. The use of minimum risk theory can bring down the risk of the IDS.
3. The weight tree is improved and used in abnormal intrusion detection. During detection, good use is made of experience, and the cost of features is balanced against the risk of the decision. The method can not only detect new intrusions but also work in a live environment.

Keywords/Search Tags: Data Mining, Intrusion Detection, Reduction with Rough Set, Bayes Classifier, Weight Tree