
Research Of Intrusion Detection Techniques Based On Data Mining

Posted on: 2011-05-11
Degree: Master
Type: Thesis
Country: China
Candidate: T Wu
Full Text: PDF
GTID: 2178360305470147
Subject: Systems Engineering
Abstract/Summary:
With the continuous development of computer networks, hacker attacks are becoming more and more severe, and Internet security defense has become a serious concern. A variety of traditional static security defenses, such as firewalls, identity authentication and data encryption, cannot by themselves construct a complete defense architecture. As a new active security-defense mechanism, an Intrusion Detection System can provide dynamic protection for hosts and networks, and it has become another line of defense behind the firewall. As a new technique, data mining has great advantages in solving current problems of intrusion detection.

Building on data mining and intrusion detection technology, this work pays special attention to cluster analysis and association algorithms in the application of intrusion detection. The main work is described as follows:

1. This article introduces the present research status of intrusion detection technology, its development history, and the classification and basic model of intrusion detection systems. It explores the relevant knowledge of data mining and analyzes the development trends of intrusion detection techniques.

2. After analyzing the advantages of the clustering methods used in intrusion detection, this article proposes a new hierarchical clustering algorithm based on maximum distance and multi-degree membership, to overcome sensitivity to the initial value and the tendency to fall into a locally optimal solution.

3. A detection system was designed based on the new algorithm. The experimental results showed that the new method had a better effect on unknown attacks, and possessed a higher detection rate and a lower issue detection rate.

4. Combining association and clustering algorithms to mine the intrusion data, the model uses the Apriori algorithm to extract association-rule features and modifies the clustering results. This model reduces the false detection rate.

5. It describes the composition of the WinPcap tool and captures network packets in real time on the .NET platform.
Keywords/Search Tags: Intrusion detection, Database mining, Clustering analysis, Association rules, Capture packets