
Research And Implementation Of Network Security Early Warning System

Posted on: 2012-08-23
Degree: Master
Type: Thesis
Country: China
Candidate: Z G Xie
GTID: 2178330335474434
Subject: Computer application technology
Abstract/Summary:
With the continuing development of the information society, people's dependence on computer networks keeps increasing. Meanwhile, the security of the network itself has become one of the important problems in network applications. A major threat to network security is network intrusion: any network activity that damages the integrity, usability, reliability or confidentiality of an information system. Because of the limitations of the various security technologies, it is impossible to eliminate network intrusion completely. Network security warning technology has drawn the attention of the network security community because it can predict the possibility of an intrusion and the consequences it may produce. It is a new network security technology that follows the traditional ones: the firewall, data encryption and intrusion detection. Unlike these earlier passive defenses, network security warning is an active defense technology and a necessary supplement to traditional security technology. Applying it will greatly improve network security defense capability.

This paper first introduces the basic principles of network security, network security warning and data mining, and analyzes in depth the data mining algorithms applied in network security warning systems. It then analyzes and studies the Apriori algorithm, improves the traditional Apriori algorithm, and proves the rationality of the improvement. Next, it sets out the design scheme of the network security warning system, discussing the design method in terms of system overview, requirements analysis, design goals, system organization, module structure and so on. Finally, the paper carries out the detailed design and implementation of the key modules of the network security warning system.

In the warning agent module, WinPcap is used for network data collection, a detection and analysis model based on data mining is put forward, and a detection method that combines misuse detection and anomaly detection is adopted. In the regional warning center module, a redundancy merge processing method based on the concept of alarm event association is established; it merges alarm events from coarse to fine in three layers according to size: clustering size, concurrent size and repeat size. A data fusion model based on clustering analysis and an attack prediction model based on the attack track chain are also designed. Experimental test analysis proves the effectiveness of the warning system.

The innovations of this paper are:
1. The Apriori algorithm of data mining is improved, a detection and analysis model based on data mining is put forward, and a detection method that combines misuse detection and anomaly detection is adopted.
2. Multi-source information fusion technology is introduced into the network security warning system, building a data fusion model based on clustering analysis and an attack prediction model based on the attack track chain.
Keywords/Search Tags:Network Security Early Warning, Apriori Algorithm, Data Fusion, Redundancy Merge, Attack Prediction