Research Of Intrusion Detection System Based On Genetic Algorithm And Association Algorithm

Intrusion Detection System (IDS) is an important branch of Information Security Area. It is a new security technology which is different from traditional security protection technology, such as firewall technology, anti-virus technology and data encryption technology. IDS can not only detect the intrusion outside of the network, but also supervise non-authorized users'activities in the intranet.At present, some limitations of IDSs lead to lower detection rate and high false-positive rate. So many users refuse to deploy the IDSs. On the other hand, it indicates that the technology of IDSs is not matured enough and IDSs need to be improved in many aspects. Especially, if IDSs based on data mining technology can get over the bottleneck of technology, they would play important roles in information security fields.The functions of data mining technology include many aspects, such as automatically predicting trends and activities, association analysis, cluster analysis and classification. This dissertation only focuses on anomaly–based intrusion detection system and use association algorithm to mine the rules from the database, in which network data and audit data are stored. These association rules represent the normal accesses of users and are used to implement analyzer of IDS. The association algorithm would consume a great deal of time and spaces of IDSs and access database frequently. So it is not efficient and the IDSs based on association algorithm respond slowly. The minimum support and minimum confidence settings of this algorithm play an important role on the efficiency of data mining. High value of minimum support and confidence settings would filter some useful rules while low value of settings would cause response slowly. It is difficult to balance the confliction. So the settings of association algorithm in IDSs would affect the detection rate, false-positive rate and the load of the IDSs.In order to solve the problem on the settings of association algorithm in IDSs, We develop the Genetic Algorithm to search the optimum range of minimum support and confidence settings of Association rules algorithm off-line. This method can provide arguments reference for association rules algorithm in the real time intrusion system. It also can improve the performance of intrusion detection system includes detection rate and false-positive rate.