The Application Of Improved Algorithm For Association Rules Mining In Intrusion Detection

The rapid development of computer network technology changed people's life greatly,and network resources are widely shared. Meanwhile, the management of computer system safety becomes difficulty, computer network security is particularly important.However, there are more and more the means of network attacker and the are complex and volatile,the network systems face more attacks and threats. Only relying on the traditional static defense strategy has been unable to meet the needs of the current network. Faced with this grim network situation, relatively active intrusion detection technology is becoming a research focus. As necessary complement to Firewall, intrusion detection can identify malicious attacks behavior to network resources quickly, and response to treatment timely.The goal of intrusion detection is to detect intrusion mixing in a large number of normal behavior accurately. However,because of the continuous improvement of speed,the increase of network bandwidth and the substantial increase of network audit data generated by a network system,the detection task becomes very heavy, which request new requirements for network intrusion detection. Facing with massive network data, how to build intrusion detection model quickly becames the focus of intrusion detection research field.Data mining can efficiently mine useful information from vast amounts of historical data quickly, and predict future trends accurately. Therefore,using data mining in intrusion detection can improve the capabilitie of analysising and processing network packet, and improve the performance of intrusion detection system.In this paper, an improved algorithm for mining association rules FIDF was proposed,which based on thorough research on association rules mining algorithm in data mining. The algorithm only need scan database once,and finding frequent item sets of from high-dimensional candidates,which greatly reduce the number of candidate items and improve the efficiency of association rules mining,and proposes update strategy when the minimum support and the database are changed.Meanwhile, applying the improved algorithm to intrusion detection systems, data processing speed is improved and the accuracy and real-time are improved.In intrusion detection, the proposed improved algorithm in this paper has some reference value in theory and practice.