Intrusion Detection Based On Aggressive Behavior

Posted on: 2011-11-06
Degree: Master
Type: Thesis
Country: China
Candidate: G G Li
GTID: 2178330332460784
Subject: Computer application technology
Abstract/Summary:
With the rapid development of Internet technology, networks are becoming more open, shared and interconnected; computer and network technology is constantly being innovated and upgraded; network-based applications are multiplying; and new network services keep springing up. The Internet plays an increasingly important role in politics, the economy, culture and many other fields, and it has a profound effect on politics, the economy and the military. Security vulnerabilities are an objective reality: many security holes inevitably exist in operating systems, application software and hardware devices, and the design of network protocols carries security risks of its own. Network intrusion can cause great political, economic and military losses. The security of computer systems is therefore becoming more and more prominent and has become a focus of attention.
First, this paper gives a brief description and classification of intrusion detection. Next, it describes in detail the existing intrusion detection methods according to that classification. Finally, it discusses the application of a Bayesian classifier based on partitioning theory to intrusion detection. Because the time complexity of a Bayesian classifier depends on the degree of dependence between the feature values, and the problem can even be NP-complete, this paper proposes a new Bayesian classifier algorithm based on partitioning theory. The algorithm combines partitioning theory with the Bayesian network classifier. It not only retains the advantages of the Bayesian approach, namely simple structure and low complexity, but also decreases the time complexity of the traditional Bayesian classifier.
Compared with algorithms based on neural networks and genetic algorithms, the detection results obtained by training the Bayesian network classifier on a large amount of data showed that the detection rate was improved by more than 5%; the new algorithm also has the merit of a low miss rate.
The KDD (knowledge discovery and data mining) Cup 99 data set is a useful data set for producing detection rules. Each of its records contains 41 attributes of one network connection. These attributes include a large amount of statistical information about the network connection, which can be used to detect many stealthy attacks. This thesis uses most of the attributes to detect attacks and derives detection rules by applying data mining technology to the KDD Cup 99 data set. Tests of the accuracy of the detection rules derived from the selected attribute set show that a high true positive rate with a low false positive rate can be obtained using the selected attribute set, which illustrates that the rules can meet the basic requirements of application.
Keywords/Search Tags: KDD Cup 99 data set, Data Mining, Intrusion detection, Behavior, Divide and Conquer Algorithm