The Research On Intrusion Detection Algorithm Based On Sequential Pattern Mining

Intrusion detection technique is the new generation of security assurance technology after firewall, data encryption and other techniques. Recently, with the increasing network flux, the intrusion detection system (IDS) based on data mining technique has been researched widely. Along with the improvement of intrusion technique, many intrusion behaviors hide their signatures in the occurrence order of events. An individual packet or command looks normal, which has not evident detection signatures in it. However, a sequence of packets or commands in order compose an attack, and the attack sequence appears only once in an attack. In order to find out the rule of this kind of attacks, sequential pattern mining algorithms are introduced into intrusion detection systems.The writer aims at the research of sequential pattern mining algorithms and their application in IDS. The main work of the paper is as following.First, the paper introduces the basic conception, related techniques and the latest research progress of intrusion detection techniques, as well as data mining. Then, it analyzes data mining technique applied to IDS, the advantage and latest research progress of sequential pattern mining applied to IDS.Second, the paper researches sequential pattern mining deeply. It analyzes the existing classic algorithms of sequential pattern mining, and points outs their shortage. Then a novel algorithm for Efficiently Sequential Pattern Mining of IESE-Span is proposed in the paper. The writer introduces the mining process of the algorithm detailedly, and analyzes the algorithm's performance relative to classic algorithms.At last the paper researches a framework of IDS based on sequential pattern mining. The IESE-Span algorithm is applied to the framework to mine sequential patterns of network behavior. Finally some experiments has been performed, and the experimental results show that the IESE-Span algorithm improves the time and space efficiency, decreases the number of rules and heighten the availability of rules.