| Intrusion Detection System(IDS) is common for the number of real attacks to be far below the false alarm rate,which are often missed and ignored.And the mass information can severely limit an IDS's effectiveness.With the diversification and intelligence of network attacks,the single technology has been difficult to fill what the current security and defense needs.Therefore,the integration of multiple technologies to build new types of IDS has become the focus of current researching.This thesis integrates data mining and multi-sensor data fusion technology into common IDS,analysis and improves these two classical algorithms,making the improved algorithm more applied to IDS and effectively reduce the false alarm rate.Import classification and cluster analysis algorithm into IDS,find out unusual or valuable data from the collection of mass network data,system security logs and other data filtered by data mining technology,to improve the system's ability to identify user's abnormal behavior,and to detect unknown attacks.This thesis detailed the K-Nearest neighbors algorithm and K-Means algorithm.As a result of traditional algorithms can only handle numerical data type attributes,IDS can not meet the requirements of the data,it is necessary to improve them.Simulation experiments prove that the improved IDS KNN algorithm and IDS K-Means algorithms are not only applicable to IDS,but effectively improve system performance.Current IDS technology cannot detect multi-combined attacks,so it is more important to integrate multi-sensor data fusion technology.That is to integrate data and information from a variety of distributed sensors together to form a unified treatment of the process,instead of single detector,to reduce the false alarm rate and improve the ability of handle high-speed bandwidth networks data.The thesis uses Dempster -Shafer evidence theory and the expansion of combination rules for IDS,to improve the detection rate of the system,reducing the false alarm rate. |
PDF Full Text Request