Research On The Application Of Outlier Mining Technology In Intrusion Detection

Posted on: 2008-04-22
Degree: Master
Type: Thesis
Country: China
Candidate: H Meng
Full Text: PDF
GTID: 2178360212981318
Subject: Management Science and Engineering
Abstract/Summary:
With the development of e-commerce, more and more vital operations run on the web. However, because of the Internet's open nature, the risk of network intrusion faced by computer systems keeps growing, so people are increasingly concerned about network security. As an important part of the three-dimensional security architecture, intrusion detection has become a major research concern in network security theory. Combining data mining with intrusion detection lets an intrusion detection system handle vast amounts of data, gives it the ability to extend itself and self-learn, and enhances its detection ability. From the data point of view, intrusion detection is a process of data analysis. Intrusions, which are far fewer in number than normal actions, can be treated as outliers. Outlier mining, a fundamental and important field of data mining, can therefore be used as an intrusion detection tool to identify variant or unknown intrusions, which is of great value in advancing intrusion detection systems.

The dissertation mainly focuses on the research and application of outlier mining in intrusion detection systems, which gives a traditional intrusion detection system strong anomaly detection capability.

(1) Combining domain knowledge with the actual situation of intrusion detection, the CLARANS algorithm is improved and, in order to improve detection accuracy, a notion based on protocol analysis is proposed.

(2) Taking the network environment into account, the DLOCI algorithm is proposed, in which intermediate results are reused. This greatly improves the efficiency of the system.

(3) On the basis of an analysis of Snort, a universal experimental intrusion detection platform based on outlier mining technology is built.

Some key technologies are then discussed and a series of experiments is carried out. These experiments prove the superiority of the improved algorithms and the feasibility of the model, and many flexible and practical improvements enhance the operating effect. When unknown intrusions occur, the intrusion detection system can analyze them and update itself at once, which accomplishes the research tasks.
Keywords/Search Tags: Intrusion Detection, Data Mining, Outlier, CLARANS Algorithm, DLOCI Algorithm