
Research On Dynamic Extensible Intrusion Detection System Based On Data Mining

Posted on: 2008-10-22
Degree: Master
Type: Thesis
Country: China
Candidate: Y Luo
Full Text: PDF
GTID: 2178360215990259
Subject: Computer system architecture

Abstract/Summary:
Intrusion detection is a new, proactive recovery technology that follows data encryption, firewalls and other techniques. In recent years, network traffic has been increasing, network configurations have been updated rapidly, and new attack methods have appeared endlessly. Most existing practical intrusion detection systems use a pattern database of well-known attacks to match and identify known intrusions in network data. These pattern-matching methods have high detection performance for known attacks, but they cannot accurately detect some unknown attacks. In the current research, we use data mining technology to draw characteristic models from tremendous amounts of audit data. The application of data mining technology has become one of the most important research areas in intrusion detection.

Building on the research results that the project team has completed, this dissertation studied and improved the network intrusion detection system with data mining technology. The main content of this dissertation is:

① Based on the original project result, the Net Intrusion Detection System, this dissertation designed a Dynamic Extensible Intrusion Detection System based on Data Mining, which uses data mining technology to automatically extract the intrusion rule set, and described the architecture of the system.

② The original project results contain network data packet collection. This dissertation added a data pre-processing module to the Dynamic Extensible Intrusion Detection System based on Data Mining, which converts raw data attribute values into a format suitable for data mining and filters noise.

③ The original project results, which use expert rules, can detect only known attacks. This dissertation added a data mining module that mines data using clustering and association rule algorithms and extracts intrusion rules automatically in order to update the intrusion rule base.

④ Three subsystems are introduced: the data capture subsystem, the data analysis subsystem and the response subsystem. Finally, the Dynamic Extensible IDS based on Data Mining is formed.

The Dynamic Extensible IDS based on Data Mining was tested in a real environment with function testing, stress & evasion testing, withstand-attack testing and data set attack testing; analysis of its performance showed that the system can meet the need of detection.
Keywords/Search Tags:Intrusion Detection System, Data Mining, Cluster, Association Rules, Extensibility