Study Of Data Preprocess In Intrusion Detection System

Posted on: 2008-02-21
Degree: Master
Type: Thesis
Country: China
Candidate: G H Du
GTID: 2178360215961037
Subject: Detection Technology and Automation

Abstract/Summary:
With the rapid development of computers and networks, and especially as more and more companies and users go online, network security has attracted growing attention. Intrusion detection systems (IDS) are widely used as a newer type of security protection technology that follows traditional methods such as firewalls and data encryption. Because networks keep expanding in scale and network applications keep growing more complex, intrusion detection faces greater challenges in increasing running speed and improving detection results. Traditional network intrusion detection systems detect intrusions only from packet features below the transport layer, so they cannot adapt to the current Internet environment: they are easy to evade, produce many false positives, and are inefficient. To overcome these problems and improve intrusion detection performance, this thesis improves the preprocessing of network data before data mining.

After an in-depth study of intrusion detection theory and the common intrusion detection system framework, an intrusion detection platform based on Windows 2003 is designed. The system is implemented in C, and every module is developed as a component, which gives the platform excellent extensibility and portability. With the Windows-based IDS experimental platform and PC simulation, researchers and learners can become familiar with intrusion detection theory quickly and conveniently as a basis for further study. The main subject of this dissertation is the data preprocessing module.
In the study of data preprocessing technology, this thesis first proposes an improved model that uses dual filters based on misuse detection and anomaly detection. The model filters the normal data out of the network data, which reduces the workload of data mining and greatly improves the efficiency and accuracy of knowledge discovery. For the anomaly-detection-based filtering, the thesis proposes a discriminant method based on similarity degree (relevance modulus), which improves the speed and accuracy of distinguishing between patterns. By filtering and summarizing the characteristic attributes of application-level protocols such as Telnet, FTP and HTTP, a data warehouse with six dimensions and four main measures is built on SQL Server 2000. After a simple integer mapping, the data can be used as input to sequential pattern mining, which provides high-quality data in a uniform format for fast sequential pattern mining. These preprocessing steps greatly improve the ability to distinguish application-level attacks such as R2L and U2R attacks, and so raise the performance of the intrusion detection system.

The data preprocessing method has been tested in an experimental environment, and the results show that it effectively reduces the false-positive and false-negative rates for application-layer attacks. Finally, the thesis summarizes the work completed and the work to be carried out in the next step.
Keywords/Search Tags: Intrusion detection system, data pretreatment, data warehouse, data filtration
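
The dual-filter preprocessing and integer mapping described in the abstract, sketched as an added example; this is not code from the thesis, whose system is written in C. The signatures, feature vectors, threshold, the reading of the similarity degree as a Pearson correlation coefficient, and the split into "known attack" and "suspicious" outputs are all assumptions made for illustration.

```python
import math

SIGNATURES = ("/etc/passwd", "cmd.exe")      # constructed misuse signatures
NORMAL_PROFILE = {                           # constructed per-protocol normal vectors:
    "HTTP":   (1.0, 300.0, 4000.0, 0.0),     # (duration s, bytes out, bytes in, failed logins)
    "FTP":    (20.0, 200.0, 50000.0, 0.0),
    "TELNET": (120.0, 800.0, 3000.0, 0.0),
}
THRESHOLD = 0.95                             # assumed similarity cut-off

def similarity(x, y):
    """Pearson correlation coefficient of two equal-length feature vectors."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sx = math.sqrt(sum((a - mx) ** 2 for a in x))
    sy = math.sqrt(sum((b - my) ** 2 for b in y))
    return cov / (sx * sy) if sx and sy else 0.0

def dual_filter(records):
    """Return (known_attacks, suspicious); records judged normal are dropped."""
    known, suspicious = [], []
    for r in records:
        if any(sig in r["payload"] for sig in SIGNATURES):
            known.append(r)                  # filter 1: misuse (signature) match
        elif similarity(r["features"], NORMAL_PROFILE[r["proto"]]) < THRESHOLD:
            suspicious.append(r)             # filter 2: too unlike the normal profile
    return known, suspicious

def integer_map(records):
    """Map each (protocol, command) pair to a small integer, in order of first use."""
    codes = {}
    seq = [codes.setdefault((r["proto"], r["cmd"]), len(codes) + 1) for r in records]
    return seq, codes

ODD = (5.0, 90.0, 60.0, 6.0)                 # constructed: short session, six failed logins
SAMPLE = [                                   # constructed application-layer records
    {"proto": "HTTP", "cmd": "GET", "payload": "GET /index.html", "features": (1.2, 320.0, 4100.0, 0.0)},
    {"proto": "HTTP", "cmd": "GET", "payload": "GET /../../etc/passwd", "features": (1.0, 310.0, 900.0, 0.0)},
    {"proto": "TELNET", "cmd": "login", "payload": "login: guest", "features": ODD},
    {"proto": "FTP", "cmd": "RETR", "payload": "RETR notes.txt", "features": (22.0, 210.0, 48000.0, 0.0)},
    {"proto": "TELNET", "cmd": "su", "payload": "su root", "features": ODD},
    {"proto": "TELNET", "cmd": "login", "payload": "login: root", "features": ODD},
]

if __name__ == "__main__":
    known, suspicious = dual_filter(SAMPLE)
    print(len(known), "signature hit(s); mining input:", integer_map(suspicious)[0])
```

Only the three Telnet records reach the mining stage, as the integer sequence 1, 2, 1; the two normal transfers are discarded and the signature hit is reported directly.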