
Research On The Application Of Data Mining Techniques In Intelligent Intrusion Detection

Posted on: 2006-05-14
Degree: Master
Type: Thesis
Country: China
Candidate: X D Zhu
GTID: 2168360155961251
Subject: Computer application technology

Abstract/Summary:
Detection is one of the three elements of computer network security. As attackers' methods grow more sophisticated and more and more computer security incidents are caused by in-house employees, people's demand for computer security grows more intense even as they enjoy the convenience computers bring. Simple prevention cannot solve computer security problems, so intrusion detection has gradually been raised to the same level of importance as prevention, and is even more important than prevention.

Intrusion detection is in fact a data analysis process over network-based or host-based data; it can detect network-based or host-based intrusions in real time. However, the complexity of computer systems and the huge quantity of network data make intrusion detection very difficult. The emergence of data mining techniques offers an efficient way to resolve this difficulty, so research on applying data mining techniques to intrusion detection has great theoretical significance and practical value.

Building on research into intrusion detection and data mining, this dissertation applies data mining techniques to intrusion detection. With the aim of improving the efficiency and practicality of intrusion detection, it studies association rules and decision trees in turn, then builds intrusion detection system (IDS) models with the two methods.

The first chapter is a preface, which introduces intrusion detection in detail. First, it analyses the increasingly important role of intrusion detection in an environment where network security is increasingly threatened. Then it gives several classifications and puts forward a general intrusion detection model, the CIDF model.

In the second chapter, this paper mostly introduces data mining techniques of intrusion detection. It first analyses the process of intrusion detection, then gives some commonly used intrusion detection techniques, and finally introduces data mining techniques with emphasis.

In the third chapter, an improved association rule algorithm is put forward, called the Hash-pruning algorithm. It improves on the traditional Apriori algorithm. According to the needs of intrusion detection, this dissertation builds an intrusion detection model with the Hash-pruning algorithm. We confirm that this algorithm is highly efficient.

The decision tree is the most practicable data mining technique. To enhance the practicality of intrusion detection, in the fourth chapter we study the classic ID3 algorithm, carry out intrusion detection experiments with it, and reduce the complicated attributes of the KDD99 data. From the experiments, we conclude that the decision tree method is practical and highly efficient.

In the fifth chapter, we put forward a multi-agent intelligent intrusion detection system model. We apply data mining techniques to the agents; this model can substantially raise the efficiency of intrusion detection and is well suited to the current need for distributed intrusion detection. What is more, it greatly enhances the self-adaptation and self-learning ability of intrusion detection.

In the sixth chapter, I summarize the research work in this dissertation and put forward the prospects for my future work.

Generally speaking, the main work and features of this dissertation are as follows:

(1) Association rules have been applied to intrusion detection in many papers by other researchers, but the algorithm they use is mostly the traditional Apriori algorithm, which has very low efficiency when mining large amounts of data. Starting from this problem, this dissertation studies in detail one of the improved techniques for the Apriori algorithm, the hashing-based technique, then combines it with intrusion detection and puts forward an improved association rule algorithm, called the Hash-pruning algorithm. The dissertation then compares the efficiency of the two algorithms by experiment on KDD99 data.

(2) Decision trees are characterized by high practicality. This dissertation studies the ID3 decision tree algorithm in detail. In the experiment, it draws the decision tree of intrusion detection data with the ID3 algorithm. We confirm that the decision tree technique has very strong practicality and very high validity for intrusion detection. In this dissertation we have done much work on the knowledge discovery in databases data set, KDDCUP99. From many experiments we conclude that data mining techniques have high efficiency and intelligence in learning from large amounts of network data.

(3) In view of the tendency of application programs and system design toward distribution and intelligence, this dissertation puts forward an intrusion detection model, MAUDS, a multi-agent-based distributed intelligent intrusion detection system, which lays a theoretical foundation for developing distributed intrusion detection systems.

Keywords/Search Tags: data mining, intrusion detection, hash pruning, decision tree, ID3 algorithm, intelligent IDS, agent, association rule