| With the development of the network technology and the growing usage of network,the number of attacks is increasing.Nowadays,network security problems are increasing prominent,and how to find intrusion activities quickly and efficiently has become important to the security of system and network resource.It is very difficult to keep system safe only by static safeguards such as firewall,data encryption.IDS(Intrusion Detection System) is an active and driving defense technology.It is an essential component of information security infrastructure protection mechanism.Based on instrusion detection method and technology already cause more and more people notice.Unknow intrusion detection accomplish by abnormal detection in the intrusion detection.Traditional abnormal detection methods need a reference model with a profile of normal action.But building the characteristic profile are difficult.In addition,intrusion detection systemmatic extensibility and adaptability are poor too.It is difficult to detect unknown new type of attacks.To overcome of the shortage of these,we emphatically study on how to take the clustering technology to the fields of the IDS.The thesis begins its discussion by introducing the technology and model of ID,the methods of the unsupervision.then draw forth the clustering algorithm.On the base of above study, we put forward to a clustering based on intrusion detection model.By virtue of this model is that it needn't labeled training data sets by hand or other methods,and this approach can detect unknown intrusions efficiently in the real network connections.In the detection the model may be incremental updated by the increasing useful information.The new model after incremental clustering is proved to be with high detection property comparing to original model. |
PDF Full Text Request