Data Mining For Applied Research In Network Intrusion Detection System

Posted on: 2006-05-31
Degree: Master
Type: Thesis
Country: China
Candidate: X C Ma
Full Text: PDF
GTID: 2208360152982299
Subject: Computer application technology

Abstract/Summary:
Intrusion detection is an essential component of network security mechanisms. It is a new approach that tries to detect attempts to penetrate a system. Existing practical intrusion detection systems usually match audit data against a pattern database of well-known attacks to identify known intrusions. These pattern-matching methods perform well at detecting known attacks, but they do not work well on unknown attacks or on variations of known attack methods. Using data mining methods to analyze the audit data and provide anomaly detection based on the generated normal patterns can improve the performance of an intrusion detection system. Building on research into intrusion detection systems and data mining techniques, this paper discusses the application of data mining in intrusion detection systems.

The research work of this paper mainly includes:

1. Analyzed the pattern matching algorithms in Snort and discussed some methods to improve them.
2. Researched unsupervised anomaly detection methods based on clustering analysis and improved the K-means algorithm. Experiments show that the algorithm performs well in real-time detection.
3. Analyzed the association rule mining and frequent episodes mining algorithms and applied both to anomaly detection. Discussed a detection method that judges whether an anomaly has occurred by calculating the similarity between the rule sets mined from normal and anomalous traffic. Experiments demonstrate the validity of this method.
4. Designed a Snort-based integrated intrusion detection model. The model uses several individual modules and detection techniques to ensure performance.

Keywords/Search Tags:Intrusion Detection, data mining, Snort, Clustering, unsupervised detection, association rule, frequent episodes.