The Research On Intrusion Detection Techniques Based On FP-Growth And SLIQ

Posted on: 2007-02-09 | Degree: Master | Type: Thesis
Country: China | Candidate: Z Q Sun
GTID: 2178360185475641 | Subject: Computer application technology
Abstract/Summary:
Network security has attracted widespread attention. Traditional protection technologies such as identification, authentication, access control and cryptography cannot prevent intrusions that gain unauthorized access to a computer system by exploiting defects in its software and hardware, and firewalls cannot cope with the endless stream of application design flaws or with attacks carried over encrypted channels. A technique that can find and report system intrusions in time is therefore necessary, namely intrusion detection. Regarded as an important network protection technique, intrusion detection has become a popular research direction in network security. At present, the leading international approach is to apply data mining to the IDS (Intrusion Detection System) in order to design an intrusion detection system that is both safe and efficient.

Against this research background, this thesis presents a data mining technique based on CIDF (Common Intrusion Detection Framework) for automatically updating the detection rule library, which addresses the problems of detection speed and data set scale and so improves the adaptability and extensibility of the IDS. Firstly, following CIDF, the thesis designs a scheme for modeling intrusion detection based on data mining and puts forward the idea of a descriptive model and a classification model of intrusion detection. Secondly, we apply the FP-Growth (Frequent-Pattern Growth) algorithm to the IDS, extending and improving it according to the characteristics of the algorithm and knowledge of intrusion detection. The improved algorithm can discover association patterns in the data and improves detection speed. Finally, we use the SLIQ (Supervised Learning in Quest) algorithm to classify intrusion data. SLIQ uses several techniques, such as pre-sorting and breadth-first growth, to solve the problem of classifying large data sets. The algorithm improves detection speed without reducing precision. The experimental results show that using these algorithms for intrusion detection is effective, that it achieves the goal of improving intrusion detection quality, and that it has wide application value.
Keywords/Search Tags: Intrusion Detection, Intrusion Detection Model, Data Mining, FP-Growth Algorithm, SLIQ Algorithm