Intrusion Detection Engine Research Based On Fuzzy Cluster

Intrusion detection plays important role in the information security architecture , its essence is a data processing process to the mass data such as network data packet, the audit log ,etc .The method of how to extract the representative intrusion pattern automatically from those data which contain the massive redundant information and effectively use these patterns to carry on the detection is the key of intrusion detection .The efficiency of intrusion detection system is the co-operating result of all parts , and the worst part is the bottle-neck of the system.The independent recognition and judgment to new and unknown data is a developing direction of intrusion detection system and it's also a difficulty.Based on the existing research of information system safety control methods and unified other discipline knowledge, this article proposed an intrusion detection model from a new angle of view and it can solve the insufficiency of existing models. This paper also proved/tested the validity of the model. This article mainly did such work as below:(1) the paper proposed a new dynamic self-adaptive intrusion detection model DMHDAIDM which based on data mining and honey-pot technology. The model completed self-adaptive and self-control through self-feedback and self-modulation mechanism by combining data mining technology and honey-pot technology ; The model enhances the detection speed and the detection ability by using the different data in view of the different demand and separating the examining process and the data mining process ; and enhances system performance by using the pattern rule and the rule route。This article has produced the principle of design, channel of design and its model structure of DMHDAIDM, and proposed based on it FCAIDM(fuzzy cluster adaptive intrusion detection model).(2)considering the shortcomings of data mining , the paper improved the model design and introduced FCMBP into intrusion examination and proposed mix-data self-feedback arithmetic based on fuzzy cluster. The result of evaluation indicated that the method is prior to other methods both in operation efficiency and in the effect of...