Research And Implement Of Mining Association Rule Based On Snort Intrusion Detection System

Posted on: 2010-03-31
Degree: Master
Type: Thesis
Country: China
Candidate: S Q Tao
GTID: 2178330338976260
Subject: Computer application technology
Abstract/Summary:
Intrusion detection is an active measure for information assurance and network security, with strong capabilities for identifying malicious behavior in networks and responding to it. To strengthen its ability to handle massive amounts of data, data mining technology is adopted in intrusion detection systems, which gives them the ability to learn by themselves and makes them extensible. Association rule mining is one of the most widely used data mining technologies, and this thesis focuses on mining association rules in an intrusion detection system.

First, this thesis studies and analyzes association rule mining algorithms and the incremental updating problem. On this basis, to improve the efficiency of association rule mining, we introduce the COFI-tree mining algorithm. By adding an additional COFI-tree data structure to mine frequent patterns, this algorithm effectively avoids the problem in the FP-Growth algorithm of needing to recursively find short patterns during the mining process. Experiments show that COFI-tree is better than the FP-Growth algorithm in many aspects.

Because intrusions and the determination of thresholds in anomaly detection are ambiguous, we study association rule mining based on fuzzy set theory and illustrate how to construct fuzzy sets and fuzzy membership functions for the attributes of a transaction to solve the "sharp boundary" problem. To reduce the number of useless fuzzy association rules, we introduce an axis attribute to constrain the fuzzy association rule mining process. Because algorithms for fuzzy association rule mining are mostly based on the Apriori algorithm or Apriori-like algorithms, to improve the efficiency of mining fuzzy association rules we present the Fuzzy FP-tree data structure and apply the COFI-tree mining algorithm to mine fuzzy association rules.

Finally, using the plug-in mechanism of the Snort system, we present a hybrid detection model that combines anomaly detection based on fuzzy association rules with the misuse detection of Snort. We design and implement a data collection module, a data attribute fuzzy module, a fuzzy association rule generation module, and an anomaly detection module. Experiments show that the algorithm and the anomaly detection module designed in this thesis perform better.
Keywords/Search Tags: Intrusion Detection, Snort, Association rule, FP-tree, Fuzzy association rule, Axis attribute