Research On The Application Of Data Mining Technique In Intrusion Detection System

Posted on: 2011-06-12
Degree: Master
Type: Thesis
Country: China
Candidate: Y Wang
Full Text: PDF
GTID: 2178330338478203
Subject: Computer application technology
Abstract/Summary:
Intrusion detection is one of the important research topics in network security technology. Most practical intrusion detection systems, however, can only detect attacks by matching captured network packets against a database of known attacks. This pattern-matching method performs well when detecting known types of attacks, but it does not work well when detecting unknown attacks or variations of known attacks. Applying data mining techniques in an intrusion detection system makes it possible to mine patterns of normal behavior for intrusion detection, which can also help improve the system's detection performance and detection speed. To address this problem, the thesis consists of several parts. Firstly, the first three chapters introduce data mining techniques, intrusion detection technology, and the application of data mining in intrusion detection; the open source Snort Intrusion Detection System (Snort IDS) is chosen as the research object and analyzed in depth, especially its module structure and plug-in mechanism. Secondly, the fourth chapter introduces the K-means clustering algorithm and the Apriori association rules algorithm in detail, and makes some improvements to both algorithms based on their shortcomings and on the requirements of a data mining-based Snort Intrusion Detection System. Thirdly, the fifth part builds a new framework for the Snort IDS with data mining technology. The cluster analysis module plug-in and the pre-detection engine plug-in are designed using the improved K-means algorithm and added to the Snort plug-ins. The feature attaining module plug-in is designed using the improved Apriori algorithm and is also added to the Snort plug-ins. The resulting association rules are transformed into Snort's intrusion detection rules. Specific experiments then show the effectiveness and feasibility of the new system. Finally, the sixth chapter summarizes the work and discusses its prospects.
Keywords/Search Tags: Data Mining, Intrusion Detection, Snort, Apriori Algorithm, K-means Algorithm