| Computer network security cause people's concern increasingly.Intrusion detection is the new generation of security assurance technology after firewall, data encryption and other techniques.With the increasing amount of network data, the traditional intrusion detection technique based on artificial modeling is lack of extension and applicability.Therefore the introduction of knowledge in other fields to intrusion detection technology is needed, one of the popular technologies is data mining.As means of invasion increased, there are no obvious pattern matching features in invasion, for example, a separate message or command seems normal, but a series of chronological order or command packets constitute an attack. So the data mining technology is introduced into intrusion detection.This essay first introduces the concept of intrusion detection and its classification, and then discusses the development of intrusion detection and challenges. Then one kind of data mining technology—sequential pattern mining is described and analyzed, we concern about the classical algorithms and their advantages and disadvatages.Next, reducing minimum support is a common method to include the unfrequent rule into rule base meanwhile that will produce a weak redundancy problem, this paper proposed to improve the interest factor which indicates positive and negative relevance between consequent itemsets (records) of patterns rules.Anomaly detection research results based on sequential pattern algorithm with interest factor show that detection accuracy and false positive rate improved to varying degrees.In intrusion detection, more intrusion may get rid of time and space constraints. Taken long-term sustained attack into consideration, the paper proposed a sequential algorithm based on gap constraint. |
PDF Full Text Request