
Research Of Intrusion Detection Model Based On Data Mining

Posted on: 2011-12-02
Degree: Master
Type: Thesis
Country: China
Candidate: C F Wang
Full Text: PDF
GTID: 2178330338479133
Subject: Software and theory
Abstract/Summary:
Existing security products and technologies cannot absolutely guarantee the security of a network information system. Intrusion detection technology, which can actively defend against and effectively suppress various kinds of intrusive behavior, needs to be used. Existing intrusion detection techniques have a variety of deficiencies: they can only detect known intrusions and cannot detect new, unknown intrusions. Consequently, more research on intrusion detection technology is necessary.

In this paper, the theoretical background of intrusion detection techniques and data mining is analyzed first. Then an intrusion detection model based on association analysis and clustering analysis is proposed. The framework and composition of the model are given, and the key technologies of the model are studied.

A training data set containing a large number of intrusion behaviors is mined with the association rule mining algorithm, and the misuse database is established from the results. This database is used for misuse detection. Misuse detection can improve efficiency and can detect known intrusion behaviors quickly. Because the misuse database does not include intrusion behaviors with low misuse support and confidence, a secondary detection must be used.

In the model, a clustering mining algorithm based on minimum dissimilarity is used to mine a normal sample data set that includes a few intrusion behaviors. The characteristic values of the clusters produced by the clustering algorithm are used to determine the classification model and then establish the cluster database. The model performs the second detection, against the cluster database, on the data after misuse detection. The clustering analysis of the model can reduce the false alarm rate and detect unknown intrusions.

Finally, a series of simulation experiments is carried out on the data mining-based intrusion detection model using the KDD Cup 1999 data set. The experimental results show that this model can not only accurately identify known abnormal behaviors but also reduce the false positive rate and false negative rate. In addition, it can detect unknown intrusion behaviors. The desired target is achieved.
Keywords/Search Tags: Intrusion Detection, Association Analysis, Clustering Analysis, Data Mining