Applying Data Mining Techniques To Network Intrusion Detection

Posted on: 2007-06-15
Degree: Master
Type: Thesis
Country: China
Candidate: C C Zhang
Full Text: PDF
GTID: 2178360212972711
Subject: Computer application technology

Abstract/Summary:
Intrusion detection is one of the main research directions in the field of network security. Data mining enables a network intrusion detection system (NIDS) to automatically find new patterns in large volumes of network data. In addition, it eases the burden of writing intrusion patterns and normal patterns by hand.

This paper briefly reviews intrusion detection and data mining techniques before analyzing the Snort NIDS in depth. A Snort-based NIDS model enhanced with data mining techniques is then developed, with effort devoted to three of its key modules: the abnormal detection engine, the cluster analysis module based on the K-Means algorithm, and the association analyzer based on the Apriori algorithm. The K-Means algorithm is modified for use in the NIDS.

Experimental results demonstrate that this data mining based NIDS can effectively establish models of normal network activity and significantly accelerate intrusion detection, while its association analyzer can effectively unearth some new intrusion patterns from abnormal logs and automatically construct intrusion detection rules.
Keywords/Search Tags:intrusion detection, data mining, clustering analysis, association analysis, Snort