
Research On The Application Of Data Mining Techniques In Network Traffic Anomaly Detection

Posted on: 2007-09-27
Degree: Master
Type: Thesis
Country: China
Candidate: J B Ying
GTID: 2178360242461713
Subject: Software engineering

Abstract/Summary:
Intrusion detection, as an active defense technology, can detect various malicious attacks in time and respond on its own initiative when the network system is endangered. It is a reasonable supplement to traditional security technologies such as firewalls. As a new network security technology, intrusion detection is becoming a major concern of the network security research field.

Meanwhile, current intrusion detection systems have many problems. To address these issues, a universal intrusion detection system based on data mining is proposed. The thesis gives the architecture diagram and the main flow chart of the system model, then designs and tests the data mining module. This module mainly applies the Back-Propagation Network algorithm, a machine learning technique, within the intrusion detection system model, and is based on the DARPA training and testing data sets from MIT Lincoln Laboratory.

The intrusion detection system for network traffic anomalies is divided into two parts: a data collection and organization module, and a data mining and analysis module. Within this framework, a series of attack-characteristic attributes is defined based on the particular properties of network traffic anomalies. These attributes are filtered using the Back-Propagation Network technique, which finally determines what combination of characteristic attributes is suitable for intrusion detection. The characteristic attributes serve as the output of the data organization module and the input of the data mining module. Whether the attributes are chosen reasonably affects the performance of data mining and bears on the maturity of the whole intrusion detection system. The data mining module is used directly to choose these attributes, and the soundness of the attribute selection can be validated by the output of the data mining module.
Keywords/Search Tags:Traffic anomaly, Intrusion detection, Data mining, Attack character, Neural network