
Research On Intrusion Detection Based On Data Mining

Posted on: 2010-07-30
Degree: Master
Type: Thesis
Country: China
Candidate: K B Li
GTID: 2178360302460684
Subject: Computer application technology
Abstract/Summary:
As society becomes more informatized and more dependent on computer networks, computer network security has attracted extensive attention. Intrusion detection is a security technology that detects intrusions by monitoring the target system at runtime, and it has become an active research topic in the field of network security. However, current intrusion detection systems (IDS) lack effectiveness, adaptability and extensibility. To address these shortcomings, this thesis applies data mining to IDS and to webpage security, and enhances the current model and methods to improve the detection rate.

The thesis first provides background on IDS and the classification of IDS, then discusses the future of IDS in detail. It then introduces data mining, its methods and its applications in intrusion detection. Data mining is a powerful tool for processing data. By applying data mining within an IDS to handle the large volume of data, we can improve the detection model and the detection capability of the whole IDS, and ultimately reduce its rates of false alerts and erroneous alerts.

Chapter 4 proposes a new model for the Snort intrusion detection system, based on the theory of rule generalization, to solve the problem that Snort is powerless to find new types of intrusions. Combining the characteristics of Snort rules with data mining algorithms, the new model introduces both cluster generalization and nearest neighbor generalization to enhance the detection ability of the rules and detect more intrusions.

Webpage-based intrusion is now a critical problem, but traditional webpage evaluation methods based on virus characteristics cannot keep up with how rapidly viruses develop and change form. To address this problem, Chapter 5 proposes a new model based on data mining and system calls to detect viruses in webpages. The new model first filters the webpage with a Bloom filter, then automatically learns and builds the normal access pattern with a decision tree in order to detect the abnormal access behaviors generated by malicious webpages.

Research on IDS based on data mining is a very active area of network security. The last chapter presents several directions of improvement for our future research.
Keywords/Search Tags:Intrusion Detection, Data Mining, Rule Generalization, Webpage security Detection