
Applications And Research Of Data Mining Process Based Intrusion Detection

Posted on: 2009-06-23
Degree: Master
Type: Thesis
Country: China
Candidate: S P He
Full Text: PDF
GTID: 2178360245970031
Subject: Applied Mathematics
Abstract/Summary:
Intrusion detection based on data mining is considered an active area of network security research. Data mining applications play an important role, especially in distributed intrusion detection systems. We focus on the data mining process of intrusion detection and begin from the modeling of the intrusion detection system, applying metadata, data fusion, decision support and fuzzy techniques to intrusion detection systems.

Data mining is the main thread of the paper, so we first use metadata descriptions throughout the data mining process of intrusion detection; metadata can be applied to data fusion, decision support and the exchange of information at all levels. (1) Data objects in an IDS can be defined by metadata; for example, metadata describes network data protocols and packet attributes, intrusion detection rules, and intrusion detection incidents. (2) On the basis of the above data processing (integration), we define a decision support model for the intrusion detection system and describe it with metadata. (3) Taking into account the communication between system components, we redefine and describe the Intrusion Detection Message Exchange Format (IDMEF) under the guidance of the standardization work of the relevant international organizations.

Based on the above, this article provides a metadata model of intrusion detection, MDBIDS. In MDBIDS, unlike the role of Tim Bass's Intrusion Detection Data Fusion model, narrow data fusion is conducive to intrusion detection system assessment and threat assessment. The paper also uses a special kind of decision-making matrix, the fuzzy complementary judgment matrix, for distributed intrusion detection in multi-expert (sensing unit) decision-making situations. A vector algorithm for sorting is provided and verified with an example. It should be pointed out that the algorithm applies to multi-expert (sensing unit) decision-making situations and does not represent the decision support modules of MDBIDS.

In Chapter V we give a prototype implementation of several key modules of MDBIDS, which is applicable to software engineering. The last part puts forward some unresolved problems and proposes future directions for research.
Keywords/Search Tags:intrusion detection, data mining, metadata, data fusion, fuzzy technology, MDBIDS