Research Of Intrusion Detection Based On Data Mining

Posted on: 2007-07-31
Degree: Master
Type: Thesis
Country: China
Candidate: F Yang
GTID: 2178360185967001
Subject: Computer software and theory

Abstract/Summary:
As an active defense technology, an IDS (Intrusion Detection System) compensates for the defects of traditional defense technology. Faced with rapidly updated network configurations, a drastic increase in network traffic and many new attack methods, however, traditional IDS has limitations such as poor adaptability, an inability to detect novel attacks, and an inability to adapt an intrusion detection model derived from one computer system to another system.

The thesis analyzes the current research on intrusion detection and then studies in depth the application of data mining technology to intrusion detection. The research work included in the thesis is as follows:

The theory of intrusion detection was analyzed. The definition and classes of IDS and the model of intrusion detection were summarized. The advantages and disadvantages of intrusion detection were analyzed in detail.

Drawing on existing research on intrusion detection based on data mining, the problems of intrusion detection based on supervised data mining were analyzed. The significance of research on unsupervised intrusion detection was pointed out.

The problems of clustering research in intrusion detection were analyzed. A clustering analysis was carried out on the KDD99 dataset using the k-means clustering algorithm. The cluster shapes of the normal and abnormal data were observed and analyzed by experiment. The experiments show that the k-means algorithm clusters similar data well, but the result contains some small normal clusters. This causes problems in unsupervised intrusion detection. An improvement that unites similar clusters was put forward.

An improved clustering algorithm (the Double Clustering algorithm) was presented and applied to intrusion detection. First, small spherical clusters were made; then the small clusters were united into bigger clusters, so that clusters belonging to the same dataset came together. The algorithm was...
Keywords/Search Tags:Network security, Intrusion Detection, Data Mining, k-means Clustering, Unsupervised Study
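
The two-stage idea described in the abstract (small spherical clusters first, then uniting them), as an added Python example that is not code from the thesis. The abstract does not give the thesis's own rules, so the fixed-radius first pass, the centroid-distance merge, the size-share labelling threshold, all function names and the sample points are assumptions.

```python
import math

def centroid(c):
    return [s / len(c["idx"]) for s in c["sum"]]

def small_clusters(points, radius):
    """Stage 1 (assumed rule): single pass; a point joins the first cluster whose
    centroid is within `radius`, otherwise it seeds a new small spherical cluster."""
    clusters = []
    for i, p in enumerate(points):
        for c in clusters:
            if math.dist(p, centroid(c)) <= radius:
                c["sum"] = [s + x for s, x in zip(c["sum"], p)]
                c["idx"].append(i)
                break
        else:
            clusters.append({"sum": list(p), "idx": [i]})
    return clusters

def unite(clusters, merge_dist):
    """Stage 2 (assumed rule): union small clusters whose centroids are within
    `merge_dist`, transitively, so a chain of spheres covers an elongated class."""
    cents = [centroid(c) for c in clusters]
    parent = list(range(len(clusters)))
    def find(a):
        while parent[a] != a:
            a = parent[a]
        return a
    for a in range(len(cents)):
        for b in range(a + 1, len(cents)):
            if math.dist(cents[a], cents[b]) <= merge_dist:
                parent[find(a)] = find(b)
    groups = {}
    for k, c in enumerate(clusters):
        groups.setdefault(find(k), []).extend(c["idx"])
    return list(groups.values())

def flag_small(groups, total, min_share):
    """Assumed unsupervised labelling: a group with < min_share of the data is anomalous."""
    return sorted(i for g in groups if len(g) / total < min_share for i in g)

# Constructed sample: 40 "normal" records spread along one feature, 3 outliers.
POINTS = [(0.25 * i, 0.0) for i in range(40)] + [(5.0, 8.0), (5.25, 8.0), (5.0, 8.25)]

def demo():
    small = small_clusters(POINTS, radius=0.9)
    before = flag_small([c["idx"] for c in small], len(POINTS), 0.15)
    after = flag_small(unite(small, merge_dist=2.0), len(POINTS), 0.15)
    return len(small), before, after  # (7, [35..42], [40, 41, 42])
```

Labelling the stage-1 clusters directly flags the last five normal records along with the three outliers; after the small clusters are united, only the three outliers remain flagged.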