
The Application Research Of Data Mining In Intrusion Detection

Posted on: 2007-02-15
Degree: Master
Type: Thesis
Country: China
Candidate: B P Wang
Full Text: PDF
GTID: 2178360185473485
Subject: Computer applications
Abstract/Summary:
The 21st century is the Information Age, in which the computer network is increasingly becoming the most important infrastructure. Those who hold the information on computer networks will occupy the vantage point for survival and development. The losses caused by a lack of information security are increasing rapidly every year. Information security is gradually becoming prominent and is becoming the focus of the computer network. With the fast development of network hardware and the growing complexity of software, system vulnerabilities cannot be completely avoided. Traditional security mechanisms, such as authentication, authorization, encryption, mandatory access control and discretionary access control, are unable to stop illegal users from invading information systems; a firewall cannot hold back intrusions that take advantage of system design faults or encrypted channels. Hence, these traditional security mechanisms are likewise unable to prevent misuse and intrusions by internal legitimate users. The protection offered by a single security mechanism is limited, so it is essential to make full use of the Intrusion Detection System (IDS). An intrusion detection system detects not only misuse by internal legitimate users but also intrusions by external and internal users. IDS is a beneficial complement to the traditional security mechanisms: it can gather data from the host's log system, audit system or network packets and detect intrusions, and it can raise an alert when intrusions take place. The network produces a large number of packets, and an IDS fails to find intrusions in time if it cannot process this data effectively.
It is necessary to make use of data mining technologies. Data mining can obtain patterns from plentiful, incomplete, fuzzy and random data. These patterns can be used for information management, query optimization, decision support, process control and maintenance of the data itself. On the basis of traditional intrusion detection technology, this thesis applies data mining technology and puts forward an advanced large-scale coordinated distributed detection system model, which fully applies data mining methods and fits such an integrated model during the data preprocessing phase. The system is self-adaptive and highly extensible, and it decreases the false negative rate and the false positive rate. It thus achieves the goal of improving intrusion detection quality and has wide application value.
Keywords/Search Tags:Network security, Intrusion detection, Data mining, Snort, Association rules, Sequential analysis, Model