Research On Intrusion Detection Based On Data Mining

Posted on: 2008-01-08
Degree: Master
Type: Thesis
Country: China
Candidate: M Yu
GTID: 2178360272477140
Subject: Computer application technology

Abstract/Summary:
Intrusion detection is an active security defense technology that follows traditional protective measures such as firewalls and data encryption. With the development of computer and network technologies and the spread of mass storage and broadband transmission, the volume of data that an intrusion detection system must analyze has grown sharply. Analyzing this data with traditional methods takes a long time. Applying data mining to intrusion detection can improve its speed and capability.

Firstly, the basic theories of intrusion detection and data mining are introduced, and the shortcomings of the traditional intrusion detection system based on data mining are analyzed. Then an improved framework for an intrusion detection system based on the theories of data mining is proposed, and the components of this framework and the intrusion detection process are described in detail.

Then, the key technologies of the system are studied, including the construction of intrusion rules based on data mining and real-time intrusion detection based on a sliding window and the Bayesian method. According to the characteristics of network data, an improved algorithm, namely the long-item prior producing algorithm, is proposed in this paper. This algorithm improves the efficiency of the data mining algorithm by changing the order in which frequent itemsets are generated. Meanwhile, a method of producing intrusion rules from frequent items is presented, and XML files are used to store the rules in order to form a universal rule base. In the real-time detection module, the system uses a sliding window and processes the data stored in the window with the subjective Bayesian method. The intrusion detection process is then explained and the detection algorithm is designed.

Finally, the implementation of the prototype system and an analysis of the experimental results are presented.
Keywords/Search Tags:Data Mining, Intrusion Detection, Apriori Algorithm, Sliding Window, Subjective Bayesian method