Research On Intrusion Detection System Based On Data Mining

With the popularization of the Internet, people are enjoying the Internet’s convenience, but the problem of network security has become prominent at the same time. The network intrusion behavior is a serious threat to network security. However, the intrusion detection is receiving the wide attention in academic and industrial field as an effective intrusion detection technology. Most of the intrusion detection systems usually compare the collected data’s characteristics with the rules written by experts which already exist in the database to detect the attack rapidly. The traditional method based on pattern matching detection is very efficient to the known attacks, but it relies heavily on the rules designed by experts. Meanwhile, the pattern, carrier, or type of current intrusion behavior produce new change constantly, therefore the variation of known attacks’missing rate is very high.As computer technology develops, data mining which is one of data driving methods has become a new intrusion detection method. Intrusion detection system based on data mining can analyze Intrusion Detection data collection firstly, then, it will select the appropriate classifier which is able to detect intrusion behavior better and find the potential attack according to data’s characteristics. Lastly, it can also response the update classifier concurrently. So it has strong self-learning ability.This thesis mainly studies the application of data mining in intrusion detection system, the sparse representation is introduced to extract features of the intrusion detection data set, and the support vector machine algorithm based on particle swarm optimization classification improves the accuracy of the prediction. The main research works as follow:1. Analysis of common intrusion detection system, this paper proposes an intrusion detection system prototype based on data mining called SR-SVM. The preprocessing module mainly uses the sparse representation feature description data of intrusion detection systems, intrusion detection module use support vector machine training model as the particle swarm optimization algorithm to get the optimal parameters of SVM function, and the optimal parameters of support vector machine as a detection module.2. The theory of sparse representation is studied deeply, and it is also applied into intrusion detection system in order to extract the character of the network packet data. Furthermore, using support vector machine classifies the characters which are represented by sparse representation algorithm.3. In view of the fact that the support vector machine exists uncertain parameters, in order to improve the accuracy, support vector machine’s training model is used as the fitness function of particle swarm optimization algorithm to optimize the parameters of support vector machine in order to obtain the optimization uncertainty parameters. In this paper, the sparse representation is used for the pretreatment of intrusion detection data sets firstly. Then the classification and prediction have been done by the model using support vector machine based on particle swarm optimization algorithm.