Research And Implementation Of Intrusion Detection System Based On Sequential Pattern Mining

With the popularity of computer network, the security of network is more and more concerned. To some extent, firewall technology, really plays a role in the security of network protection, but it is not enough to meet users. Therefore intrusion detection system came into being, which is a new generation of security technology after the firewall, data encryption and other traditional security measures. Data mining is a new technology used to the intrusion detection. Combining with the intrusion detection, how to better utilize Data mining and to find more appropriate data mining method are the main purposes of this paper.This paper firstly introduces the background and purpose of the research projects, then introduces the basic concepts of the network security and intrusion detection technologies and the indicators to evaluate the intrusion detection performance, then introduced the basic concepts the data mining and the data mining methods in the common intrusion detection system, including association analysis, classification analysis, cluster analysis and sequential pattern analysis methods. In these methods, association analysis is of the most in-depth study. Correlation analysis can not reflect on the relevance of events in chronological order, while sequential pattern analysis method can overcome this defect. So this paper decides to use sequential pattern analysis method. On this basis, this paper designs an intrusion detection system based on data mining. The system is divided into some modules including data preprocessing, data mining, database, rule base, the output response. This paper is mainly process the modules including data preprocessing, data mining, rule base. In the data mining module, the GSP algorithm and the Prefixspan algorithm with Item Positions Index Tree are used. Through experimental testing, the Prefixspan algorithm has much higher detection efficiency compared with the GSP algorithm, a further improvement of depth of the data mining, the lower rate of mis_reporting and omit_reporting.