
Research On Intrusion Detection Technology Based On Data Mining

Posted on: 2012-05-27
Degree: Master
Type: Thesis
Country: China
Candidate: G B Zhu
GTID: 2178330332975523
Subject: Communication and Information System
Abstract/Summary:
With the continuous development of network technology, network attacks keep emerging, and people therefore demand stronger network security. Intrusion detection is a proactive security protection technology. As an important part of the information security architecture, research on intrusion detection technology has attracted growing attention. Traditional intrusion detection systems capture network packets and match them one by one against the rules in a rule library. As network bandwidth keeps increasing, this poses a huge challenge to detection efficiency. Furthermore, the rules in the library are hand-coded according to "expert knowledge", so they can detect only known attacks and are powerless against unknown attacks or variants of known attacks; such systems therefore lack adaptability. Data mining technology can discover intrusion and normal behavior patterns from large volumes of varied audit data. If data mining technology is introduced into intrusion detection, the detection efficiency and adaptability of intrusion detection systems can be greatly improved.

Firstly, this paper introduces intrusion detection and data mining technologies, points out the current problems in the intrusion detection area, and discusses the use of data mining in intrusion detection, which provides a theoretical basis for the proposed data mining-based intrusion detection system.

Secondly, it studies the association rule algorithm and the clustering algorithm in depth. Based on an in-depth analysis of the Apriori association rule algorithm, it points out the algorithm's advantages in mining intrusion behavior patterns, transforming them into intrusion rules, and improving adaptability. It improves the K-means algorithm to address its weaknesses in intrusion detection, and then proposes an anomaly detection algorithm based on the improved K-means. It designs an experiment and gives an experimental analysis using the KDD CUP 99 data set as test data.

Thirdly, a data mining-based intrusion detection system is designed based on the Common Intrusion Detection Framework (CIDF). The system uses the Apriori algorithm and the improved K-means algorithm to build an association analysis module and a clustering analysis module, combines anomaly detection and misuse detection, and attempts to solve the bottlenecks of intrusion detection efficiency and adaptability.

Finally, the designed system is implemented in Java and system tests are conducted. The test results show that the system not only improves detection efficiency but is also able to detect unknown attacks.
Keywords/Search Tags:Data Mining, Intrusion Detection, Clustering, Association rule