Study Of Intrusion Detection System Based On The Data Preprocessing

Along with the rapid development of Internet and the increasingly complex network environment, the new method of attack emerges one after another, simple firewall strategy is unable to meet the current needs, the network defense must use one kind of depth, variety method. Under this kind of demand background, intrusion detection system comes into being, and becomes the second door to assure network security. However, traditional intrusion detection system still has some flaws,for example, the rate of detection and false alarm is also unsatisfactory.Much attention has been paid to study of Intrusion Detection System Based on The Data Preprocessing in this paper,In other words,based on the In conventional intrusion detection system,add a pre-processing subsystem. Through clever design,let the data pre-processing sub-system and intrusion detection sub-systems work together,with the anomaly detection techniques and misuse detection technology combined with organic,they can play their respective advantages,reach the purpose of further enhance the detection rate and lower false alarm rate of the Intrusion detection system . several aspect work Mainly has been done in the following work:1. Summarized on the Intrusion Detection Technology related theory includs,summarized on the Intrusion Detection Technology,compared and analyzed the algorithm of anomaly detection, compared and analyzed the algorithm of Pattern matching. Through research and analysis the basic theory above,got some useful conclusions.2. Designed a new Program of the Model of Intrusion Detection System Based on The Data Preprocessing. Through a clever design of the model,let the Data pre-processing sub-system and intrusion detection sub-systems work together, reach the Purpose of let the anomaly detection techniques and misuse detection technology combined with organic.3. Designed a new algorithm of Empowering TCM-KNN Algorithm. On the one hand, new definition of singular value let the samples do not belong to the normal singular value is much larger than in the normal class of singular value sample. So, it can be fully isolat non-normal data and normal data. On the other hand, in the process of determinating K value, methods were used to determine the K value For different types of data, Further improved the accuracy of the algorithm4. Improve the Snort preprocessor system and the detection engine, to make it applicable to the model. The improved Snort system, sent the data from cluster analysised by pre-processing subsystem to the corresponding knowledge base,detect various types of data.