
Research And Implement On Intrusion Detection System Based On Data Mining

Posted on: 2012-03-07
Degree: Master
Type: Thesis
Country: China
Candidate: C Zhou
GTID: 2178330335977734
Subject: Computer application technology

Abstract/Summary:
With the rapid development of computer networks, the Internet has become inseparable from people's study, work and life; human society depends on the network to an unprecedented degree, and computer network security has aroused widespread public concern. Intrusion detection technology, a new auxiliary security mechanism, monitors the network without affecting network performance and protects the system against internal and external attacks, but traditional intrusion detection systems lack effectiveness, adaptability and scalability. To address these problems, this paper introduces data mining techniques into the intrusion detection system, enabling the system to modify its signature library adaptively and solving, as far as possible, the problem of hand-written signatures.

The main work of the paper includes the following:

(1) Discuss intrusion detection techniques. This part covers the concept, process and methods of network intrusion, and the concept, role, process, advantages and disadvantages of intrusion detection. It then classifies intrusion detection approaches and discusses the open-source and commercial intrusion detection products, as well as the current situation and development trend of intrusion detection.

(2) Study data mining techniques. This part introduces the background and concept of data mining; then discusses the main methods of data mining, namely clustering, classification, association analysis and sequence analysis algorithms; and finally discusses the development trend of data mining.

(3) Focus on the k-means algorithm, the DBSCAN algorithm and the PSO algorithm. The density-based k-means algorithm is derived from the DBSCAN algorithm, while the PSO-based k-means algorithm is derived from the PSO algorithm. The experiments show that the improved k-means algorithms have a better clustering effect than the traditional algorithm, and that the PSO-based k-means algorithm has a better clustering effect than the density-based k-means algorithm. The improved k-means algorithms do have some limitations: for data sets whose attributes have a large range, the clustering results are not good.

(4) Combining misuse detection and anomaly detection, study and propose a hybrid intrusion detection system model and its architecture. The system is divided into the network data acquisition module, the data preprocessing module, the misuse detection module, the anomaly detection module, the response module and the rule mining processing module, each of which is discussed in detail.

(5) Design the system and carry out comparative intrusion detection experiments using the KDD Cup 1999 data set as the experimental data. The experiments show that, for Probe, R2L and U2R behavior, the detection rates of the improved algorithms are higher than that of the traditional algorithm to varying degrees, and that, for DoS and Probe behavior, the false alarm rates of the improved algorithms are much lower than that of the traditional algorithm. In addition, the false alarm rates of the PSO-based k-means algorithm are also reduced to varying degrees for R2L and U2R behavior, and the false alarm rate for the R2L data is very good. In short, the improved k-means algorithms are effective for intrusion detection. The algorithms in this paper therefore help to improve the detection rate and have good application value.
Keywords/Search Tags: intrusion detection, data mining, k-means algorithm, DBSCAN algorithm, particle swarm optimization algorithm