
Research And Implementation Of Intrusion Detection Approach Based On Incremental FHCAM

Posted on: 2008-06-20
Degree: Master
Type: Thesis
Country: China
Candidate: W Guo
Full Text: PDF
GTID: 2178360215987968
Subject: Computer application technology
Abstract/Summary:
As the scale of networks continuously expands, network security draws more attention day by day, and intrusion detection technology has become one of the most popular research topics in the IT field. Facing the daily growth of all kinds of network attacks and destruction, we urgently need a good detection approach that detects all kinds of network attacks with a high detection rate and a low false positive rate, and that is able to recognize new and unknown abnormal activities.

This paper begins by analyzing current IDS technology and its trends. It then studies data-mining-based IDS in depth. Considering the characteristics of network data, we propose an Incremental Fast Heuristic Clustering Algorithm for Mixed data (FHCAM). Incremental FHCAM is an unsupervised algorithm that can quickly recognize normal or abnormal network activities and has the basic ability to recognize new and unknown abnormal activities.

First, the paper introduces the relevant theory of IDS and makes a thorough analysis of the current state of IDS technology. It also discusses some measures for evaluating IDS technology.

Second, it introduces the basic concepts of data mining, some commonly used data mining methods, and its future prospects. We emphasize the analysis of clustering algorithms and FHCAM, point out the shortcomings of the FHCAM algorithm, and propose a method for reducing its time complexity.

Finally, we propose and implement an intrusion detection approach based on incremental FHCAM. It can recognize abnormal activities rapidly and accurately. It also has the ability to recognize new and unknown abnormal activities. We have tested the approach and it proved to work well.

The main characteristics and innovations of the research are as follows:

(1) According to the heterogeneous nature of network data sets, we enable the algorithm to process heterogeneous data by using a geometric distance measure for value (numeric) attributes and a dissimilarity measure for character attributes, separately.

(2) Improving the main performance of FHCAM, reducing the algorithm's time complexity, and distinctly improving the rate at which clusters are formed.

(3) We propose and implement an intrusion detection approach based on an unsupervised incremental FHCAM. It can quickly recognize normal or abnormal network activities and has the basic ability to recognize new and unknown abnormal activities.
Keywords/Search Tags: IDS, Data Mining, Clustering Analysis, FHCAM, incremental FHCAM