The Design And Development On Distributed Intrusion Detection System Based On Data Mining Technique

Posted on: 2007-06-04
Degree: Master
Type: Thesis
Country: China
Candidate: L Pan
Full Text: PDF
GTID: 2178360218950823
Subject: Software engineering
Abstract/Summary:
Intrusion detection systems (IDS) are an important technique in computer security and a hot topic in current computer security research. However, IDS development now faces new problems; one of the most significant is the continuous increase in the number of intrusion alarms and the high false alarm rate.

The paper first describes the concept of intrusion detection and related techniques and the present research status of IDS, and analyzes the application of data mining techniques in IDS. It discusses the data mining algorithm Apriori and its extensions. To reduce the false alarm rate in IDS, the paper proposes a modification of the original algorithm that uses a variable minimum threshold and confidence, and gives a strategy for adjusting the minimum threshold and confidence values. The paper designs a new data mining algorithm based on the variable minimum threshold and confidence, and optimizes this algorithm.

The system's overall design uses a distributed multi-tier architecture to fit application environments with multi-tier branches and broad geographic distribution; this also enhances its ability to detect distributed cooperative intrusions. The paper gives the detailed design and implementation of ABCIDS and its main component modules: the detector subsystem, the detection analysis subsystem, the database subsystem, and the controller subsystem.

The system uses the distributed middleware technology CORBA. By means of CORBA's "software bus" characteristics, the paper has successfully resolved the problems of heterogeneity and adaptability across system platforms; the security of CORBA itself is also discussed. Building on CORBA's good real-time performance, the paper proposes enhancing the intelligence of system analysis and the adaptability to new kinds of intrusion by using distributed detection methods combined with data mining techniques. The paper discusses in detail the architecture of the CORBA-based distributed network intrusion detection system ABCIDS, its communication model, functional model, system structure, and so on, and also gives the IDL program descriptions of the key objects in system communication.
Keywords/Search Tags: Intrusion Detection, Distributed, CORBA, Apriori, Data Mining, Network