Data Mining-based Intrusion Detection Research

Posted on: 2007-04-05
Degree: Master
Type: Thesis
Country: China
Candidate: Y T Tang
Full Text: PDF
GTID: 2208360185482515
Subject: Computer technology
Abstract/Summary:
With the development of network technology, and especially the rapid, widespread adoption of the Internet, network security problems are receiving more and more attention. The traditional static security model cannot adapt to the new network environment. Intrusion detection is an active security defence technology that complements traditional computer security technology: it can monitor and defend against attacks from both inside and outside, as well as erroneous operations, in real time. It has therefore become a hot topic in network security research.

Among intrusion detection technologies, data mining based intrusion detection has good prospects. It introduces data mining into intrusion detection, which improves the intelligence, accuracy and extensibility of the intrusion detection system. This thesis studies a typical data mining based intrusion detection system and puts forward some improvements. The author's main work is as follows:

(1) The thesis first introduces the current state of network security and the prevailing means of network security defence, and points out the importance of researching intrusion detection systems. It then introduces the concept, classification and common models of intrusion detection systems.

(2) The paper analyzes a typical data mining based intrusion detection system, DADIDS, and gives a brief introduction to the system's framework, its theory, and how data mining is used in intrusion detection.

(3) Research is done on association rule mining. The paper introduces two popular association rule mining algorithms and proposes a new algorithm named RB-FP-TREE, which is based on the FP-GROWTH algorithm. With the help of a matrix, the new algorithm outperforms the original algorithm.

(4) The paper discusses the problems in current frequent sequential pattern mining algorithms and adopts a high-efficiency algorithm, through which the typical patterns of system call sequences are discovered in the form of association rules to discriminate between normal and abnormal processes. Furthermore, classification rules are obtained to detect intrusion attempts or intrusion behavior in system processes.

(5) Cluster analysis is an important means in data mining. The paper applies...
Keywords/Search Tags:Data Mining, DADIDS, Association Rule, Frequent Sequential Pattern, Cluster Analysis