The Improvement Of Apriori Algorithm And Research On Application Of It In Snort IDS

Posted on: 2009-01-13 | Degree: Master | Type: Thesis
Country: China | Candidate: J Y Liang
GTID: 2178360272975124 | Subject: Computer software and theory
Abstract/Summary:
With the extensive application of networks and the development of network technology, especially hacking techniques, network security has attracted increasingly widespread attention. To protect the network environment more fully, attacks need to be detected in a timely and effective manner, and measures taken before such behavior damages systems and data. An Intrusion Detection System (IDS) is one such network security tool. It takes data analysis as its core, adopts an active defense strategy, and has become an important protective barrier against network attacks.

Data mining, as an effective means of data analysis, has naturally been introduced into intrusion detection, and data-mining-based intrusion detection systems have become a hot research topic. Data mining enables a network intrusion detection system (NIDS) to automatically find new patterns in a mass of network data. In addition, it helps to ease the burden of writing intrusion patterns and normal patterns by hand.

Snort is a powerful, lightweight network IDS. It can analyze traffic in real time and log IP network packets, and it can perform protocol analysis and content searching and matching. Snort can also detect many different kinds of attack and raise real-time alerts. Furthermore, Snort has good extensibility and portability.

The Apriori algorithm is used to find single-dimensional, single-level, Boolean association rules. It is based on a simple observation: if a k-itemset is frequent, then its (k-1)-item subsets are also frequent. The problem of discovering association rules can be divided into two steps:

1. Find all frequent itemsets (sets of items appearing together in a transaction) whose support is greater than the specified threshold.
2. Generate association rules from the frequent itemsets. To do this, consider all partitions of the itemset into rule left-hand and right-hand sides.

The confidence of a candidate rule X→Y is calculated as support(X∪Y) / support(X). All rules that meet the confidence threshold are reported as discoveries of the algorithm.

In this paper, the application of the Apriori algorithm in the Snort intrusion detection system is the focus of the study. First, the general theory of intrusion detection systems and data mining technology is introduced. Then we propose an improvement to the Apriori algorithm and study the application of the Apriori algorithm in the Snort intrusion detection system.

Chapter one, the introduction, presents the background of this research and its current state domestically and internationally. Chapter two describes the basic concepts of intrusion detection systems, their classification, commonly used detection techniques and general system structure, and introduces the basic concepts of data mining and knowledge discovery, some of the major data mining techniques, and the application of data mining in IDS. In chapter three, we analyze in detail the rule-based, lightweight intrusion detection system Snort and the association-rule mining algorithm Apriori, make improvements to the Apriori algorithm, and then analyze the effectiveness of the improved algorithm experimentally. In chapter four, we design and implement an intrusion detection system based on the open-source system Snort, into which we introduce the Apriori algorithm to mine the data and find abnormal network behavior. Through simulation testing and application deployment, we analyze and test the system's performance.
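The two-step procedure and the confidence formula from the abstract, as an added example that is not code from the thesis: it implements classic Apriori, not the thesis's improved variant, which this page does not describe. The connection records are constructed sample data, and the attribute names, thresholds and function names are assumptions.

```python
from itertools import combinations

# Constructed sample: each transaction is the attribute set of one logged connection.
TRANSACTIONS = [
    {"proto=tcp", "dport=80", "flags=S", "svc=http"},
    {"proto=tcp", "dport=80", "flags=S", "svc=http"},
    {"proto=tcp", "dport=80", "flags=PA", "svc=http"},
    {"proto=tcp", "dport=22", "flags=S", "svc=ssh"},
    {"proto=udp", "dport=53", "svc=dns"},
    {"proto=tcp", "dport=80", "flags=S", "svc=http"},
]

def support(itemset, transactions):
    """Fraction of transactions that contain every item of itemset."""
    return sum(itemset <= t for t in transactions) / len(transactions)

def frequent_itemsets(transactions, threshold):
    """Step 1: level-wise search; returns {frozenset: support}."""
    items = {frozenset([i]) for t in transactions for i in t}
    level = {c: s for c in items if (s := support(c, transactions)) > threshold}
    found = dict(level)
    k = 2
    while level:
        prev = set(level)
        # Join frequent (k-1)-itemsets into k-item candidates ...
        candidates = {a | b for a in prev for b in prev if len(a | b) == k}
        # ... and prune any candidate with an infrequent (k-1)-subset,
        # since every subset of a frequent itemset must itself be frequent.
        candidates = {c for c in candidates
                      if all(frozenset(s) in prev for s in combinations(c, k - 1))}
        level = {c: s for c in candidates if (s := support(c, transactions)) > threshold}
        found.update(level)
        k += 1
    return found

def association_rules(freq, min_confidence):
    """Step 2: split each frequent itemset into X -> Y and keep confident rules."""
    rules = []
    for itemset, supp in freq.items():
        for r in range(1, len(itemset)):
            for lhs in map(frozenset, combinations(itemset, r)):
                conf = supp / freq[lhs]  # support(X ∪ Y) / support(X)
                if conf >= min_confidence:
                    rules.append((lhs, itemset - lhs, conf))
    return rules
```

With a support threshold of 0.5, the pair {dport=80, flags=S} sits exactly at the threshold and is dropped, so the pruning step discards every three-item candidate that contains it before its support is ever counted.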
Keywords/Search Tags:Intrusion Detection, Data Mining, Association Rules Mining, Snort Intrusion Detection System, Apriori algorithm