The Research On Data Mining-based Intrusion Detection System

Posted on: 2009-02-06
Degree: Master
Type: Thesis
Country: China
Candidate: H Wu
Full Text: PDF
GTID: 2178360242496069
Subject: Systems analysis and integration

Abstract/Summary:
With the spread of networks and the rapid development of network technology, the problem of network security is getting worse. Frequent security incidents have caused great damage. The current security system is made up of firewalls and anti-virus software, which is not strong enough to solve the problem. As an emerging technology, intrusion detection has become an excellent complement to the computer security system, and more and more people are working in this research area.

This thesis introduces data mining into intrusion detection. First, the concept, major techniques, current state of research and system categories of intrusion detection technology are presented. Then the methods of data mining are introduced in detail and some algorithms are enumerated. On this basis, an agent-based distributed network intrusion detection system is designed. Each agent is independent and has its own detection capability. With these characteristics, the agents can be deployed at many points of the network and perform different tasks. The agents cooperate with each other and upload information to the control center. The uploaded data is processed by the data center, and a new strategy is formed and distributed to the agents. The strategy base is built with data mining methods, which reduces the dependence on expert knowledge and increases the ability to build models automatically. The ability to detect unknown types is improved by using a mixed detection approach.

The data mining model used in intrusion detection is discussed in depth. The processing of audit data includes preprocessing, rule mining, pattern comparison and classification mining. The behavior patterns of different kinds of data are classified from a large amount of data. The rules of these patterns are stored in the base. The experiment shows that it has a good effect.
Keywords/Search Tags:intrusion detection, data mining, distribute, association rules, behavior pattern