Network Intrusion Detection System Based On Data Mining

Intrusion detection, as an active security defending technique, is second guard for a computer network following firewall, which is a hot research in a field of network security. Intrusion detection technique based on data mining is emphasized in the thesis, the technique deals with the data collected by data mining program, forms the model accurately discerning intrusive and normal modes, and avoids manually analyzing collecting data and encoding intrusion mode. Here are the details of work:1) Summarize the research actualities and development trend of intrusion detection technology.2) Summarize research application of intrusion detection based on data mining.3) One model included with rules and protocol analysis and data mining analysis is proposed in the thesis, method of rules detection engine is high utility and fast, protocol analysis provides possibility of application layer detection, data mining technique is very intelligent, and realization method of intrusion detection system based on data mining is specially discussed. Applying some existing algorithms of association analysis, sequence pattern analysis, and data classification to the intrusion detection system. Moreover, characteristics were drawn and rules were set up on the intrusive behaviors. We detect intrusion action by analyzing the audit data and patterns recognition, to form an intelligible detection system. we implement a prototype by experimenting on misuse detection of connection records and anomaly detection of user behavior profiles.