Data Mining Algorithm And Its Application In Intrusion Detection System

Posted on: 2008-08-20
Degree: Master
Type: Thesis
Country: China
Candidate: W J Wang
Full Text: PDF
GTID: 2178360215960232
Subject: Control theory and control engineering
Abstract/Summary:
The intrusion detection system (IDS) is a necessary supplement to the firewall, and a new computer security measure compared with traditional encryption and access control. Once the original data has been collected from the system and the network, the research emphasis in intrusion detection (ID) is how to construct the intrusion detection model. Detection models built from hand-written rules and other special-purpose methods give most IDSs limited effectiveness and adaptability. Applying data mining (DM) technology to IDS rests on a data-centric view: eliminate manual work in constructing the IDS as far as possible, treat the detection process as a data analysis process, and thereby raise the level of automation in constructing the IDS.

To improve the detection capability of the whole system and effectively reduce the false-positive and false-negative rates, this thesis applies DM technology to a traditional IDS so that the large volume of data from the IDS can be processed efficiently and an IDS rule base can be constructed. DM technology is used to mine the large amount of network behavior data provided by the cajolery link, turning it into effective sample data on which the rule set can be trained. Association rule and sequential rule mining can be applied to ID, and an intrusion rule base obtained from it. The main work of this thesis is briefly as follows:

1. By studying and analyzing the defects of traditional IDS, it is pointed out that the extraction of IDS rules mainly relies on how efficiently the huge amount of network data can be processed. DM technology is a powerful data processing tool that can extract knowledge and rules from immense amounts of data. The necessity of applying DM technology in IDS is explained in this thesis.

2. By comparing several DM algorithms, and considering the IDS in which they are applied, the conclusion is reached that association rule and sequential pattern algorithms are the more suitable ones for IDS.

3. To improve the efficiency of the DM algorithm and obtain useful association rules, we address two problems of the association algorithm, respectively by changing the method of generating frequent itemsets and by filtering out the derivable rules through key attributes and minimum confidence. In addition, we demonstrate the validity with a concrete example.

4. For the sequential pattern algorithm, this thesis finds frequent associations by adopting key attributes, and produces frequent serial sequences from them. The improved algorithm not only removes irrelevant rules but also provides more useful information for describing the relations among audit data.

5. We have designed a Windows-based ID platform, which provides human-computer interaction through a management module. Under human control, the platform carries out functions such as data creation, data preprocessing and data mining. In addition, the construction and renewal of the rule base are introduced in detail.

6. DM-based ID is a very active research field. At the end of this thesis, the author gives the directions in this field that need further study and improvement.
Keywords/Search Tags: intrusion detection system, data mining, association rule, sequential pattern, Apriori algorithm
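The key-attribute and minimum-confidence filtering named in item 3 of the abstract can be illustrated with a small level-wise (Apriori-style) miner over connection records. This is an added example, not the thesis's algorithm or code: the records are constructed, and the choice of `service` as key attribute, the thresholds and the function names are assumptions.

```python
from itertools import combinations

# Constructed audit records (not from the thesis), one dict per connection.
RECORDS = [
    {"service": "http", "flag": "SF", "dst": "web1"},
    {"service": "http", "flag": "SF", "dst": "web1"},
    {"service": "http", "flag": "SF", "dst": "web1"},
    {"service": "telnet", "flag": "S0", "dst": "db1"},
    {"service": "telnet", "flag": "S0", "dst": "db1"},
    {"service": "smtp", "flag": "SF", "dst": "web1"},
]


def support(itemset, rows):
    """Fraction of records that contain every (attribute, value) item."""
    return sum(itemset <= row for row in rows) / len(rows)


def mine_rules(records, key_attrs, min_support, min_conf):
    """Level-wise mining that keeps only itemsets holding a key attribute."""
    rows = [frozenset(r.items()) for r in records]
    level = {frozenset([item]) for row in rows for item in row}
    level = {s for s in level if support(s, rows) >= min_support}
    frequent, k = set(), 1
    while level:
        frequent |= level
        k += 1
        # Join frequent (k-1)-itemsets into k-item candidates.
        candidates = {a | b for a in level for b in level if len(a | b) == k}
        level = {c for c in candidates
                 if any(attr in key_attrs for attr, _ in c)  # key-attribute filter
                 and support(c, rows) >= min_support}
    rules = []
    for itemset in (s for s in frequent if len(s) > 1):
        sup = support(itemset, rows)
        for r in range(1, len(itemset)):
            for lhs in map(frozenset, combinations(itemset, r)):
                conf = sup / support(lhs, rows)
                if conf >= min_conf:  # minimum-confidence filter
                    rules.append((dict(lhs), dict(itemset - lhs), sup, conf))
    return rules


if __name__ == "__main__":
    for lhs, rhs, sup, conf in mine_rules(RECORDS, {"service"}, 0.3, 0.9):
        print(f"{lhs} -> {rhs}  support={sup:.2f} confidence={conf:.2f}")
```

On this sample, the rule `flag=SF -> dst=web1` has confidence 1.0 but is dropped because it says nothing about the key attribute, while `service=telnet -> flag=S0, dst=db1` is kept.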