Research On Intrusion Detection Based On Sequential Pattern Mining

With the network data flow increasing,the intrusion detection technology based on the artificial model already has been unable to adapt to the new network environment,in order to extract the useful information from huge amounts of data,the data mining technology is introduced into the intrusion detection.Due to the means of intrusion are improving,sometimes it is difficult to judge whether the intrusion occurs according to isolated network event,if the network events are arranged as a whole in chronological order,we would find attacks.In order to look for such a law,the sequential pattern mining technology of data mining is applied in the intrusion detection.How to extract user's behavior feature patterns and eliminate the redundant rules using the sequential pattern mining technology is a key to the intrusion detection. There are more in-depth discussion about the following aspects in this paper,the main contributions as follows:1.First,introduce the concept of intrusion detection and its classic models, mainly introduce the common types of the intrusion detection,analyze their advantages and disadvantages,and in-depth explore the development direction and challenges of the intrusion detection.And then elaborate data mining technology, focused on the sequential pattern mining technology of data mining and introduce classic sequential pattern mining algorithms in detail,and compare the advantages and disadvantages of these algorithms.2.There would be a lot of pattern rules which are mined for massive data,but in fact the users are usually only interested in a part of them.This paper combines axis attributes theory and constraint nature,propose the attribute constraint UPrefixSpan algorithm based on PrefixSpan,which is applied in the intrusion detection,and execute constraint mining according to the user pre-set attribute values.The results show that the UPrefixSpan algorithm can effectively mine the frequent event patterns which the user interests,so that the user can analyze particular patterns.3.Propose the intrusion detection method based on IPrefixSpan algorithm, through introducing the interest factor to overcome the deficiency of the existing methods,in which the confidence ignores the support of consequent itemsets(records) of patterns rules,strengthen the relevance between itemsets of pattern rules,and improve the practical application value of the pattern rules in intrusion detection,so as to further reduce the weak rules redundancy.4.Combine the advantages of the anomaly detection and misuse detection, establish a new intrusion detection experimental model,use the double detection to improve the detection accuracy.The experiments show that the improved algorithm on the new model can further reduce the redundant patterns,improve the detection accuracy and lower the false rate.