Intelligent Intrusion Detection, Data Mining

Posted on: 2005-06-11
Degree: Master
Type: Thesis
Country: China
Candidate: Y Le
Full Text: PDF
GTID: 2208360122492610
Subject: Computer application technology

Abstract/Summary:
Intrusion Detection Systems (IDS) move network information security from passive to active. Used together with a firewall, an IDS provides security for the local network both inside and outside. Owing to the complexity of computer systems and the great volume of network audit data, it is difficult to audit data from the network. With the development of Data Mining and machine learning theory, adaptive IDS models can be developed from large amounts of audit data. This research has both academic and practical significance.

My thesis focuses on analyzing network audit data using Data Mining and on mining rules for Intrusion Detection. Intrusion Detection efficiency is improved by using Machine Learning methods, thereby enhancing the adaptability of Intrusion Detection.

In chapter 1, I review the state of network security and introduce the background of Intrusion Detection. The introduction to data mining covers its processes, methods, classification and applications. The introduction to intrusion detection covers its system model, classification and detection technologies.

The emphasis of the thesis is as follows: using Data Mining and Machine Learning algorithms, training and classification models for Intrusion Detection are built, and Adaptive Intrusion Detection is finally realized. The main work is as follows:

In chapter 2, the volume of network audit data is great, and the audit data contain a great deal of redundancy. Producing training data is costly and difficult, and this is one of the problems to be solved by Data Mining. To solve the problem, a new method is introduced in which Rough Set-based Reduction is combined with sampling. It decreases the correlation among features in the KDD99 data set. Rough Set-based Reduction has a good mathematical foundation. The reduction requires background knowledge and meets the standards of Data Mining. The ID3 Decision Tree algorithm is used to prove the validity of the feature reduction and to generate intrusion detection rules.

In chapter 3, the generalization of Inductive Learning is improved by using Statistical Learning Theory. Intrusion classification is learned using the Support Vector Machine algorithm, and an adaptive intrusion detection classifier is then generated. The experiment on the KDD99 data set compares the generalization of the two machine learning methods.

In chapter 4, a new Data Mining-based Adaptive Models Generation (AMG) is introduced. AMG is a real-time architecture for implementing a data mining-based intrusion detection system. The framework is designed according to this principle. The network audit data flow is captured from the network environment with the open source tool Snort. Then, a simple intrusion detection analysis is carried out. The analysis result is displayed through a visualization interface.

In chapter 5, the thesis is summarized and some points of future work are suggested.

According to the theory of Data Mining and Intrusion Detection, Adaptive Intrusion Detection is ultimately realized by following the procedures of Data Mining: attribute reduction preprocessing, rule generation, efficiency improvement of Intrusion Detection, and AMG system design. The main work and features of the paper are therefore as follows:

(1) The Rough Set method, which has a broad mathematical foundation, is used to reduce features in a very large data set. It produces a feature set with perfect independence, and learning time efficiency is also improved. The Decision Tree, which has the same mathematical foundation as Rough Set, is used to prove the validity of the feature reduction.

(2) The generalization and adaptation of Inductive Learning are improved by using SVM. The model generated by the data mining method can adapt to changes in the network situation, and it can detect new intrusion behavior.

(3) A new framework for Data Mining-based Adaptive Models Generation (AMG) is introduced. Through the experiment with the real-time Snort system, it lays the academic and practical basis for designing a practical intrusion detection system in the future.
Keywords/Search Tags: Data Mining, Intrusion Detection, Reduction with Rough Set, Decision Tree Based Learning, Generalization, Statistical Learning Theory, Support Vector Machine, Adaptive Models Generation