Grid Intrusion Detection Model Based On Improved FP Tree Algorithm

Internet is an important tool for communication in modern society, with the development of science and technology people have a higher request to the share of the network information resources, internet will be substituted by a more advanced technology, this will be Grid. The security problem is the grid core question. An IDS (intrusion detection system) which has a good structure, is reliable and expandable plays an important role in establishing a perfect grid information security guard system. There are several problems that low detection veracity rate, slow detection speed and bad self adaptability in traditional IDS. In order to settle these problems, recently, IDS based on data mining appears, data mining aims to extract hidden forecasted information, discover the latent patterns among data and present to users in a comprehensible and observational way.By analyzing the characteristics of the intrusion behaviors in grid environment, and basing the host-based and network-based intrusion detection technologies, this paper proposes a grid intrusion detection model based virtual organization. Virtual organization is a dynamic set, it contains many individuals and (or) organizations which abidance by certain resources sharing rules and conditions. This model establishes a resource directory server in each virtual organization, resources that can provide analysis services register in the server, the users discover the best available resources through the resource list server, and thus it can analyze the audit data with great efficiency, making full use of the resources in virtual organization.This paper focuses on discovering the potential attack behaviors by analyzing association rules in audit data. FP tree algorithm is one of the most efficiency algorithms for mining frequent item sets at present, this algorithm adopts the recursion strategy which the patterns grow, although avoids the candidate item sets' production, it needs to construct massive condition FP-trees in mining processes, so it needs to waste time and take massive memory space. Aiming at the shortcoming that low efficiency of FP tree algorithm, this paper proposes mark FP-tree algorithm, this algorithm adds mark bits in each node of the FP tree, and uses mark bit for tagging the processing nodes on original FP-tree at every operation process, and thus it don't need additional memory space to produce condition pattern trees, so it saves memory space and improves time efficiency greatly.