Data Mining Techniques Used In Intrusion Detection

Posted on: 2009-03-19
Degree: Master
Type: Thesis
Country: China
Candidate: X F Liu
GTID: 2178360278971127
Subject: Computer application technology
Abstract/Summary:
As computer networks develop and more and more business depends on them, computer system and network security problems have become increasingly prominent. The number of attacks has increased rapidly in recent years, and these attacks have caused enormous economic losses. The common approach is to adopt intrusion prevention techniques and firewalls, such as user identity authentication or avoiding program errors, to protect the system. However, intrusion prevention alone is not enough to completely avoid attacks; for example, it cannot detect internal attacks within a local area network. It is therefore necessary to use intrusion detection technology as a second line of defense against attacks, which has also drawn more attention to intrusion detection.

However, traditional intrusion detection systems are deficient in effectiveness, flexibility and scalability, and are especially powerless against new types of intrusion. We therefore use a newer technology, data mining, to construct an intrusion detection system. We introduce some popular intrusion detection models based on data mining, analyze some of them, and construct a new system according to these models. This work takes a data-processing perspective, using data mining methods to build models from audit data as a tool for describing intrusion behavior.

We use the KDD Cup 1999 competition data to build a misuse detection model, analyzing the data with the data mining software Weka and the database software SQL Server 2000, in the expectation of obtaining a good classification algorithm. We train on the data with the C4.5 algorithm and then match the trained model against the training data; the results are very good. On data that was not used for training, some results are poor, so we use an extension of the C4.5 algorithm. This algorithm is a maintenance method; we test it several times, and the experiments show that it detects effectively, has a low operating cost and is easy to train. The thesis also establishes an anomaly detection model using Eclipse and misuse detection rules. Finally, we outline directions for future study and work.
Keywords/Search Tags: Data Mining, Intrusion Detection, C4.5 Classification Algorithm, Weka, Eclipse