Research And Application Of Association Algorithm In Intrusion Detection

With the increase of informatization level and enhancement of dependence on computer networks for human society, computer network security has aroused extensive attention. Intrusion Detection is a security technology to detect the intrusion through monitoring the target system in runtime. Now it has become a hot research in a field of network security. However, current intrusion detection systems lack effectiveness, adaptability and extensibility. Aimed at these shortcomings, this thesis takes a data-centric view to IDS and describes a framework for constructing intrusion detection model by mining audit data.This thesis first provided the background on IDS. We then provided the data mining knowledge and the applications in Intrusion Detection. By studying and analyzing the flaws of traditional IDS, we can know that we should deal with numerous data to solve these flaws. The Data Mining technology is exactly strongly data-dealing tool. So through using the Data Mining technology into IDS to deal with the numerous data, we can improve the detect-ability of the whole IDS, and reduce its fake alert and error alert.By comparing some algorithm of DM technology, and combining with IDS which the algorithm applied in, the conclusion can be reached that it is more suitable that applying association rule and clustering algorithm to IDS. This thesis focuses on the association and clustering algorithm and by analyzing the existent algorithm flaws, we raises a modified association algorithm Ad-Apriori,and according to the existent algorithm flaws when the two algorithms are used into IDS,we suggest a combined data mining thinking. By using the tree memory structure and provision sets which used to simplifying the Database, improving the pruning operation, and using the perfect Hash function, we improve the Apriori algorithms and then prove the effective with examples and experiments. By adding a clustering radius in algorithm, we mend the K-mean algorithm.At last, we design an ID model based Data Mining, introduce the functions of each element, and dwell the working principle of the model.