With the rapid development of networks, the problem of network security is becoming more and more prominent. The limitations of traditional methods of network intrusion detection are increasingly apparent, and they can no longer keep up with the endless stream of new attacks and the growing quantity of data. Data mining can extract potential and valuable patterns from large amounts of data; as a strong mathematical tool for analyzing uncertain knowledge, rough sets supply a new method for data mining.

This paper studies intrusion detection and data mining, and then builds an architecture that combines misuse detection and anomaly detection. It reduces the scale of the data by applying rough sets to preprocessing and attribute reduction, and the improved algorithm is adapted to the IDS. It builds the rule base through rough sets and association rule mining, supplies a distance-based anomaly detection model using attribute significance, and it is effective on the test data.