Research On Intrusion Detection Technology Based On Mining Association Rule

Posted on: 2008-05-16  Degree: Master  Type: Thesis
Country: China  Candidate: J B Huang  Full Text: PDF
GTID: 2178360215490246  Subject: Computer system architecture
Abstract/Summary:

With the wider spread of networking and other information technologies, the security of network systems has become crucial. Intrusion detection systems (IDS) are a key technology and an important means of protecting network system security. Existing IDS, however, are not only helpless against new attacks and intrusions with unknown characteristics; their detection accuracy and timeliness also fail to meet the requirements of practical application. Association rule mining (ARM) is an important research topic in data mining, and it can find normal and abnormal behavior patterns in massive data. Applying ARM to intrusion detection makes it possible not only to detect known attacks effectively but also to detect attacks with unknown patterns. Research on efficient association rule mining algorithms is therefore of great significance for improving the accuracy and timeliness of intrusion detection.

This thesis is a systematic study of association rule mining and its application to intrusion detection. It mainly includes the following.

On the basis of an analysis of the Apriori algorithm and its improved variants, and in response to their problems, the thesis proposes an improved Apriori algorithm with a self-adaptive step-size leap (SARM). The algorithm introduces a self-adaptive step size, joining based on support statistics, and dynamic pruning, which greatly reduces the number of database scans. It solves the problem that running time increases significantly as the length of the frequent itemsets grows, and so improves efficiency. Simulation results show that SARM has a quite obvious advantage over Apriori and can be widely applied to association rule mining in large databases.

After studying the core idea and the performance of FUP, the incremental updating algorithm for mined association rules, the thesis proposes an improved FUP algorithm, SFUP. SFUP makes full use of the support counts of the candidate frequent itemsets in the original mining result, which effectively reduces repeated scans of the database. The two algorithms were compared experimentally, and the results show that SFUP is clearly more efficient than FUP.

Existing intrusion detection methods build normal and abnormal pattern models that are not accurate or complete enough, which easily leads to false alarms and missed alarms. To address this, the thesis applies the improved mining algorithm SARM and the incremental updating algorithm SFUP to network intrusion detection and proposes a new intrusion detection method. The method builds normal behavior models of the system and its users, as well as intrusion behavior models, by mining frequent itemsets in training audit data. It then obtains real-time network behavior patterns by incrementally mining real-time network data, and detects intrusions by matching those patterns against the pattern base. Experimental results show that the method has higher detection accuracy and timeliness.
Keywords/Search Tags: Intrusion Detection, Data Mining, Association Rule, Network Security
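
The incremental step the abstract describes, reusing stored support counts so that new audit data does not force a full rescan, can be illustrated with the general FUP idea. This is an added example, not code from the thesis: it does not implement SARM or SFUP, whose details the abstract does not give, and the function names and audit records are constructed for illustration.

```python
from collections import Counter
from itertools import combinations

def count_itemsets(transactions, max_len=2):
    """One scan: support count of every itemset with up to max_len items."""
    counts = Counter()
    for t in transactions:
        items = sorted(set(t))
        for k in range(1, max_len + 1):
            counts.update(combinations(items, k))
    return counts

def mine(transactions, min_sup, max_len=2):
    """Full (non-incremental) mining, used to build the baseline pattern base."""
    need = min_sup * len(transactions)
    return {x: c for x, c in count_itemsets(transactions, max_len).items() if c >= need}

def fup_update(old_frequent, old_db, increment, min_sup, max_len=2):
    """Update frequent itemsets after `increment` arrives.
    Returns (new_frequent, rescanned); rescanned lists the only itemsets
    that had to be counted again in the old database."""
    need = min_sup * (len(old_db) + len(increment))
    inc = count_itemsets(increment, max_len)
    new_frequent = {}
    # Case 1: already frequent. Stored count + increment count, no rescan.
    for x, old_count in old_frequent.items():
        total = old_count + inc.get(x, 0)
        if total >= need:
            new_frequent[x] = total
    # Case 2: not frequent before. It can only become frequent overall if
    # it is frequent inside the increment, so everything else is pruned.
    rescanned = sorted(x for x, c in inc.items()
                       if x not in old_frequent and c >= min_sup * len(increment))
    for x in rescanned:
        total = inc[x] + sum(1 for t in old_db if set(x) <= set(t))
        if total >= need:
            new_frequent[x] = total
    return new_frequent, rescanned

# Constructed audit records (attribute=value items), not data from the thesis.
OLD_DB = [("service=http", "flag=SF")] * 3 + [
    ("service=smtp", "flag=SF"), ("service=http", "flag=S0"), ("service=ftp", "flag=SF")]
INCREMENT = [("service=http", "flag=S0")] * 4  # constructed burst of new records

def demo(min_sup=0.5):
    baseline = mine(OLD_DB, min_sup)
    return fup_update(baseline, OLD_DB, INCREMENT, min_sup)

if __name__ == "__main__":
    print(demo())
```

The updated set equals what a full re-mine of all ten records would give, while only the two itemsets that became frequent inside the increment were counted again in the old data.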