
Distributed Intrusion Detection System Based On Data Mining

Posted on: 2005-02-24
Degree: Master
Type: Thesis
Country: China
Candidate: G W Liao
Full Text: PDF
GTID: 2208360122981552
Subject: Control theory and control engineering

Abstract/Summary:
A network intrusion detection system (IDS) is an essential part of network protection and has become an important research area in information security. A traditional IDS relies on detection rules that are constructed manually by information-security experts. With the rapid growth of the Internet, this approach shows many limitations when faced with new attacks: a large rule-maintenance workload, slow response, low accuracy and low efficiency.

This thesis presents a data mining approach to a Distributed Intelligent Intrusion Detection System (DIIDS) that updates the detection rule library automatically. The system maintains and extends its rules on its own, which improves the adaptability and extensibility of the DIIDS.

The accuracy and generalization of detection rules are two critical factors for an IDS. In our system, data mining is used to construct temporal and statistical features from a large volume of audit data, and each record described by these features is then passed to a machine learning algorithm that induces new detection rules. Detection knowledge is updated automatically by adding the new rules to the rule library. Association rule mining and the frequent episode algorithm are applied to data aggregation, feature construction and feature selection. Axis attributes, reference attributes, relative support and a level-wise approximate mining algorithm extend the basic mining algorithms so that they adapt better to the network environment. Methods for pattern visualization, analysis and comparison are also provided.

Finally, the system is analyzed and evaluated in a "SYN flood" environment, and a clustering-based anomaly detection method is added to improve its performance.
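The abstract describes three steps without showing them: constructing temporal and statistical features from raw audit records over a time window (with an axis attribute that the statistics are grouped by), measuring the relative support of patterns in suspect traffic against a normal baseline, and letting a learning step derive detection rules from the feature records. The following is an added example illustrating those steps on constructed connection records; it is not the thesis's code. The record layout (timestamp, source, destination, service, TCP state flag), the 2-second window, the destination host as axis attribute, the labelled pre-flood baseline and the threshold-style rule learner are all assumptions standing in for the thesis's actual algorithms.

```python
"""Window-based feature construction, relative support and a learned rule
over constructed connection records (added example, not the thesis's code)."""
from collections import Counter, deque
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Conn:
    """One connection record from the (assumed) audit log."""
    ts: float      # seconds since start of capture
    src: str
    dst: str
    service: str
    flag: str      # "SF" = completed handshake, "S0" = SYN seen, no reply


def make_sample() -> List[Conn]:
    """Constructed audit data: steady web/mail traffic, a SYN burst, then calm."""
    recs = []
    for i in range(20):                       # normal background, 0.0 .. 9.5 s
        recs.append(Conn(i * 0.5, f"10.0.0.{i % 5}", "10.0.0.100",
                         "http" if i % 2 else "smtp", "SF"))
    for i in range(40):                       # flood: 40 half-open SYNs in ~1.2 s
        recs.append(Conn(10.0 + i * 0.03, f"192.168.1.{i}", "10.0.0.100",
                         "http", "S0"))
    for i in range(10):                       # traffic returns to normal
        recs.append(Conn(12.0 + i * 0.5, f"10.0.0.{i % 5}", "10.0.0.100",
                         "http", "SF"))
    return recs


def build_features(records: List[Conn], window: float = 2.0) -> List[Dict]:
    """Attach per-record statistics over the last `window` seconds.

    The destination host is the axis attribute (assumed): every statistic is
    computed over the recent connections that share the current record's dst.
    """
    recent: deque = deque()
    out = []
    for r in sorted(records, key=lambda c: c.ts):
        recent.append(r)
        while r.ts - recent[0].ts > window:   # drop records that fell out of window
            recent.popleft()
        same_host = [c for c in recent if c.dst == r.dst]
        n = len(same_host)
        out.append({
            "ts": r.ts, "service": r.service, "flag": r.flag,
            "count": n,                                              # temporal
            "same_srv_rate": sum(c.service == r.service for c in same_host) / n,
            "s0_rate": sum(c.flag == "S0" for c in same_host) / n,  # statistical
            "distinct_src": len({c.src for c in same_host}),
        })
    return out


def relative_support(feats: List[Dict], baseline: List[Dict]) -> Dict[Tuple[str, str], float]:
    """Support of each (service, flag) itemset in `feats` divided by its support
    in `baseline`. Itemsets unseen in the baseline are given 1/len(baseline)
    (assumed smoothing) so the ratio stays finite and large."""
    def support(rows: List[Dict]) -> Dict[Tuple[str, str], float]:
        c = Counter((f["service"], f["flag"]) for f in rows)
        return {k: v / len(rows) for k, v in c.items()}
    base = support(baseline)
    floor = 1.0 / len(baseline)
    return {k: v / base.get(k, floor) for k, v in support(feats).items()}


def learn_rule(normal: List[Dict]) -> Dict[str, float]:
    """Stand-in for the rule-learning step (assumed): thresholds derived from a
    labelled normal baseline, with a margin above the largest observed values."""
    return {
        "count": max(f["count"] for f in normal) * 1.5,
        "s0_rate": min(1.0, max(f["s0_rate"] for f in normal) + 0.5),
    }


def apply_rule(feats: List[Dict], rule: Dict[str, float]) -> List[Dict]:
    """Flag records whose window statistics exceed the learned thresholds."""
    return [f for f in feats
            if f["count"] > rule["count"] and f["s0_rate"] > rule["s0_rate"]]


def detect_syn_flood() -> Dict[str, float]:
    """Run the pipeline on the constructed sample and summarise the result."""
    feats = build_features(make_sample())
    baseline = [f for f in feats if f["ts"] < 10.0]   # assumed: pre-flood = normal
    hits = apply_rule(feats, learn_rule(baseline))
    return {"alerts": len(hits),
            "first_alert_ts": hits[0]["ts"] if hits else -1.0,
            "max_count": max(f["count"] for f in feats)}


if __name__ == "__main__":
    print(detect_syn_flood())
```

Two properties of this construction are worth noticing. The rule fires only once enough half-open connections have accumulated inside the window (here on the fifth SYN of the burst), so the window length trades detection delay against false alarms on short legitimate bursts. It also keeps firing for a window length after the burst stops, because the window statistics of the first normal connections still include the flood; an analyst comparing alert timestamps with packet captures should expect that tail.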
Keywords/Search Tags:Intrusion Detection System(IDS), data mining, feature construction and selection, network security