Research And Implementation Of Rule-Learning Model Of Intrusion Detection Based On Bayesian Classification

After the popularization of Internet, more and more people have been dealing with all kinds of affairs by Internet. Whereas rampant computer virus and illegal intrusion come along with communications, especially in the days of net work nowadays. Now the firewall is incapability of withstanding outside attacks in the open, the rather that there are also illegal affairs from inside network, such as the operation to exceed inside users'authority and vicious destroying. Therefore how to protect computers and to construct a comparatively safe network is a pre-requisite matter. And then intrusion detection system emerges as the times require with the support of all kinds of technique.This thesis introduces research background and development of intrusion detection technique. And then it also introduces the concept and classification of intrusion detection system, and some works about the standard measure. Afterwards some important algorithm of data mining is discussed and some researches, which are the application of data mining in intrusion detection, have been done. Based on these researches, the thesis designs an intrusion detection system with distributed framework. And the system can communicate with honeypot system and firewall system designed by my teammates. These three systems make up of a perfect active defense system. In the intrusion detection system, a sort of algorithm of data mining, Bayesian Classification Algorithm, has been realized because of several reasons. And it constructs a rule-learning model, including database, mining preparation module, Bayesian Classification module and rule database. And some elementary experiments have been done about the capability of mining, and the result can exceed 83 percent accuracy. But it's a little insufficiency. So a new strategy is put forward for improving its capability based on incremental learning. This strategy can choicely update the training data set and ceaselessly perfect the set, so that the accuracy of examining result can been increased. The accuracy increase 2 percent though testing 30000 data. Finally the thesis realizes the management of rule database, including constructing rules, managing rules and parsing rules.