
Research On Real Time Data Mining-based Intrusion Detection System

Posted on: 2007-11-04
Degree: Master
Type: Thesis
Country: China
Candidate: J P Ren
Full Text: PDF
GTID: 2178360182493724
Subject: Computer application technology
Abstract/Summary:
With the rapid development of network technology, computer networks have spread into every field of human activity, and their impact on the economy and on people's daily lives keeps growing. Network security therefore receives ever more attention, and new security technologies and products are emerging constantly. Intrusion detection is one of the important technologies among them. This paper proposes applying data mining technology to improve the performance of intrusion detection systems.

Building on earlier related work, we present the architecture of our research: a Novel Real Time Data Mining-based Intrusion Detection System (NRTDMIDS). Because existing intrusion detection systems rely on a single detection strategy and suffer from high false-positive and false-negative rates, we add an adaptive strategy manager (ASM) and an adaptive model manager (AMM) to a distributed real-time framework. To reduce dependence on expert knowledge, the ASM and AMM use data mining technology. The distributed architecture consists of sensors, detectors, a data warehouse, a data analysis engine, the adaptive model manager and the adaptive strategy components. We use association rules and frequent patterns to construct the detection strategy, which cuts down manual encoding and improves automation. We also use RIPPER to produce strategies and construct classifiers. This architecture facilitates the sharing and storage of audit data and the distribution of new or updated models and strategies, and it improves the efficiency and scalability of the IDS.
The system model uses an independent component design that minimizes the resources it takes up on the protected host, which is very important for the real-time character of the detection system. It adopts centralized management: all components are connected through the data warehouse, which makes centralized management and control of the whole system convenient. For connections among components we adopt a protocol in common use, and we use XML to transmit information between components. This greatly improves the system's compatibility and extensibility, so that good modules from existing intrusion detection systems can be reused.
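As an added illustration of the association-rule approach sketched above (example code, not the thesis's own implementation), the following Python mines frequent patterns from a few constructed connection records, derives detection rules that meet a confidence threshold, and applies them to unlabeled records. The attribute names (`service`, `flag`), the labels and the thresholds are assumptions chosen for this example.

```python
from collections import Counter

# Constructed sample audit records (service, TCP flag, analyst label); made up for this example.
AUDIT_RECORDS = [
    {"service": "http", "flag": "SF", "label": "normal"},
    {"service": "http", "flag": "SF", "label": "normal"},
    {"service": "http", "flag": "SF", "label": "normal"},
    {"service": "smtp", "flag": "SF", "label": "normal"},
    {"service": "smtp", "flag": "SF", "label": "normal"},
    {"service": "http", "flag": "S0", "label": "probe"},
    {"service": "http", "flag": "S0", "label": "probe"},
    {"service": "ftp", "flag": "S0", "label": "probe"},
]

def frequent_itemsets(records, min_support):
    """Level-wise (Apriori-style) mining: {frozenset(items): support} for every itemset whose support >= min_support."""
    n = len(records)
    baskets = [frozenset(f"{k}={v}" for k, v in r.items()) for r in records]
    counts = Counter(item for b in baskets for item in b)
    current = {frozenset([i]): c / n for i, c in counts.items() if c / n >= min_support}
    found, size = dict(current), 2
    while current:
        # Join frequent itemsets of the previous size into candidates, then count them.
        candidates = {a | b for a in current for b in current if len(a | b) == size}
        counts = Counter(c for c in candidates for b in baskets if c <= b)
        current = {c: cnt / n for c, cnt in counts.items() if cnt / n >= min_support}
        found.update(current)
        size += 1
    return found

def detection_rules(itemsets, min_confidence):
    """Turn frequent itemsets containing a label into rules 'antecedent -> label' with confidence >= min_confidence."""
    rules = []
    for items, support in itemsets.items():
        label = next((i for i in items if i.startswith("label=")), None)
        if label is None or len(items) < 2:
            continue
        antecedent = items - {label}  # always frequent itself, by the Apriori property
        confidence = support / itemsets[antecedent]
        if confidence >= min_confidence:
            rules.append((antecedent, label.split("=", 1)[1], support, confidence))
    return rules

def classify(record, rules):
    """Apply mined rules to an unlabeled record; the most specific match wins, uncovered records are 'unknown'."""
    items = {f"{k}={v}" for k, v in record.items()}
    matching = [r for r in rules if r[0] <= items]
    if not matching:
        return "unknown"
    return max(matching, key=lambda r: (len(r[0]), r[3]))[1]
```

Records that no mined rule covers are returned as `unknown` rather than silently treated as normal, so the strategy manager can route them to the analyst or to a model update.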
Keywords/Search Tags: data mining, adaptive strategy manager, adaptive model manager, association rules, frequent patterns, RIPPER, distributed design centralized, data warehouse, XML