
Research On Intrusion Detection Algorithm Based On Data Mining

Posted on: 2009-01-14
Degree: Master
Type: Thesis
Country: China
Candidate: Y B Ge
Full Text: PDF
GTID: 2178360242993656
Subject: Computer application technology

Abstract/Summary:
With the rapid development of information technology and the growing demands of everyday life, computer science, network technology and their applications have advanced immensely. New concepts such as E-Government, E-Business, online banking and military information systems, together with their applications, have brought tremendous change to the way society runs, and information security now faces severe challenges from computer viruses, intrusions and attacks.

Against this background, we made a thorough study of current intrusion detection algorithms and methods and propose intrusion detection algorithms that use data mining technology. Our algorithm has higher efficiency than other existing ones while maintaining the correct detection rate and the false positive rate, which are the two most important measures of intrusion detection quality.

The main achievements of this paper are as follows:

(1) To address the problems of the cell-based algorithm for finding distance-based outliers, an intrusion detection algorithm based on kernel mapping, IDBKM, is proposed. We map the data from the original space to a high-dimensional kernel feature space using a kernel function and redefine the distance between data points. Initial clustering yields the value k (the number of clusters) and the initial cluster centers. Iterating on a modified objective function then gives the final cluster centers. Points lying outside radius r of the cluster centers are the outliers. Experiments show that the data are more separable under this algorithm, and that it overcomes the fault of traditional distance-based outlier finding algorithms, namely that they must be recomputed from scratch for every change of the parameters. It also achieves a high detection rate at a higher convergence speed.

(2) In traditional SVM-based intrusion detection algorithms, the classification (detection) speed depends on the number of support vectors. To avoid this limitation, an intrusion detection algorithm based on a reduced vector machine is proposed. After feature selection using the mean and the square difference of each feature of the samples, we cluster the support vectors, which reduces the number of support vectors, decreases data redundancy, speeds up classification and lowers the complexity of the classifier. By reducing both the vectors' attributes and their number, we improve intrusion detection speed while preserving the machine's generalization performance.

(3) An intrusion detection algorithm based on the probability outputs of support vector machines is presented. Based on Bayesian theory, the differences and combination weights of the probability outputs among the two-class classifiers are calculated from the posterior probability. Experiments show that the weighted posterior probability method has fewer classification errors, better classification ability, and a better probability distribution of the posterior probability than the voting method.
Keywords/Search Tags: Intrusion Detection, Data Mining, Clustering, Isolated point, Support Vector Machine, Reduce, Probability Output
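
The kernel-distance outlier step described in item (1), as an added example that is not the thesis's IDBKM code: it uses a Gaussian (RBF) kernel and plain kernel k-means in place of the thesis's modified objective function, which the abstract does not specify. The seed indices, `gamma`, `r` and the sample points are assumptions constructed for illustration.

```python
import math

def rbf(a, b, gamma):
    """Gaussian kernel K(a, b) = exp(-gamma * ||a - b||^2)."""
    return math.exp(-gamma * sum((x - y) ** 2 for x, y in zip(a, b)))

def dist2(i, members, K):
    """Squared feature-space distance from point i to the mean of `members`:
    K(i,i) - 2/|C| * sum_j K(i,j) + 1/|C|^2 * sum_{j,l} K(j,l)."""
    n = len(members)
    cross = sum(K[i][j] for j in members) / n
    within = sum(K[j][l] for j in members for l in members) / (n * n)
    return K[i][i] - 2 * cross + within

def kernel_outliers(points, seeds, r, gamma=0.5, max_iter=20):
    """Cluster in kernel space, then return indices farther than r from
    their own cluster centre. `seeds` are indices of the initial centres
    (assumed output of an initial clustering pass; picked by hand here)."""
    n = len(points)
    K = [[rbf(p, q, gamma) for q in points] for p in points]
    clusters, labels = [[s] for s in seeds], None
    for _ in range(max_iter):
        new = [min(range(len(clusters)), key=lambda c: dist2(i, clusters[c], K))
               for i in range(n)]
        if new == labels:
            break  # assignments stable: converged
        labels = new
        grouped = [[i for i in range(n) if labels[i] == c]
                   for c in range(len(clusters))]
        # keep the previous members if a cluster would become empty
        clusters = [g or old for g, old in zip(grouped, clusters)]
    return [i for i in range(n) if dist2(i, clusters[labels[i]], K) > r * r]

# Constructed sample: scaled 2-D feature vectors standing in for connection
# records. Indices 0-4 and 5-9 form two dense groups; 10 and 11 are isolated.
OFFSETS = [(0, 0), (0.2, 0.1), (-0.1, 0.2), (0.1, -0.2), (-0.2, -0.1)]
POINTS = ([(dx, dy) for dx, dy in OFFSETS]
          + [(3 + dx, 3 + dy) for dx, dy in OFFSETS]
          + [(0.0, 6.0), (7.0, 1.0)])

if __name__ == "__main__":
    # With an RBF kernel, squared distances are bounded by 2, so r < sqrt(2).
    print(kernel_outliers(POINTS, seeds=[0, 5], r=0.8))
```

Because the distance is computed entirely from kernel values, changing `r` only re-runs the final threshold comparison over the converged clusters; the isolated points are absorbed into the nearest cluster during iteration and are separated out only by the radius test.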