
Study Of An Agent-based Distributed Intrusion Detection System Using Data Mining Approaches

Posted on: 2008-07-27
Degree: Master
Type: Thesis
Country: China
Candidate: L N Hu
Full Text: PDF
GTID: 2178360218452706
Subject: Computer application technology

Abstract/Summary:
As an active measure of information assurance, intrusion detection is an effective complement to traditional protection techniques and plays a significant part in security. With the rapid development of computer and network technology, the widespread adoption of distributed computing environments, large-scale storage and high-bandwidth transmission, a traditional intrusion detection system based on a single computer can no longer satisfy security needs. As a result, Distributed Intrusion Detection (DID) has become the focus of intrusion detection and of the whole field of network security.

This thesis first analyses the present state of network security and the application of IDS, then analyses the existing technology and, with particular emphasis, the challenges it faces. It also briefly introduces data mining technology and the development, advantages and current state of research of DIDS.

After analysing and comparing the advantages and disadvantages of present intrusion detection technologies, we present an agent-based distributed intrusion detection model using data mining approaches. The model uses a hybrid system structure and divides the protected network into several subnets. It is composed of local ID and subnet ID components, and the functional division of the components follows the CIDF model. It is distributed, intelligent and extensible, and it effectively resolves the problems of the network traffic bottleneck and the single point of failure.

We then describe the system design and its concrete realization. The system applies an anomaly detection technique based on three kinds of data mining technology (clustering, association rules and sequential rules), which can accurately capture the actual behaviour of network traffic. The decision maker combines the alarms from all the detection agents and makes the alarm declaration decision.

Finally, the system was tested with the 2000 DARPA data set from MIT Lincoln Laboratory. The experimental results show that our system can detect unknown attacks effectively, increases detection efficiency and decreases the number of false positives.
Keywords/Search Tags: Intrusion Detection, Data Mining, Agent, Network Security