| As network-based computer systems play increasingly vital roles in modern society, because of various reasons, these systems have become the target of our enemies and criminals. In order to protect these systems, we need to construct layered network security guarantee architecture, and IDS is one of the most important components of the architecture.Traditionally IDSs are developed by hand-coded ways, because of the manual nature of the developing process, IDSs constructed by this way have limited accuracy,extensibility and adaptability. Aiming at these shortcomings, based on the theories of data mining and intrusion detection, a framework for using date mining algorithms to construct intrusion detection models is presented in this paper. Firstly, describe the process of using classification algorithms to develop misuse detection models; then, discuss how to construct anomaly detection models using association rule and frequency episode algorithms in detail. In the process of data mining, there exists a sharp boundary problem if using intervals to deal with quantitative attributes, so we introduce fuzzy sets to solve this problem, and experiment results approve the feasibility of using fuzzy association rules and fuzzy frequency episodes to detect anomalies. Meanwhile, a major problem in anomaly detection is that system can issue false alarms when there are modifications in the normal system behavior; therefore, we present an adaptive data-mining framework for anomaly detection. The normal profile can be updated at regular intervals, and as a result, false alarms are significantly reduced. |
PDF Full Text Request