Rough Set-based Data Mining Techniques Applied Research In Network Security

As exacerbation of malicious intrusions into computer system, network security has become a key problem of society and technology. Because of complexity of network security, only relying on network security technology is inadequate and combination with other technique is very essential. Rough Set theory is an appropriate candidate. Rough set theory is emerging as a new tool for dealing with fuzzy and uncertain data and knowledge acquisition is one of the most important parts of rough set. It is very efficient to analyze and process imprecise and imperfect data. It can find potential knowledge and rule from data. We will apply Rough Set theory in two important branches of network security: E-mail classification and intrusion detection technique.In this thesis, through the review and embedded study of the theory of network security and E-mail classification, we have presented a classification model and algorithms based on Rough Set. Based on this model we have implemented the e-mail classification system based on Rough Set (ECSRS). The simulations demonstrate the ECSRS is effective.Intrusion detection is another important branch of network security. In order to solve the problem for rule acquisition intelligently, an effective method for misuse intrusion detection with low cost and high efficiency is presented. This paper gives an overview of our research in building a detection model for identifying known intrusions, their variations and novel attacks with unknown natures. In addition, a rough set and rule-tree-based incremental knowledge acquisition algorithm (RRIA) is presented in order to solve problems of updating rule set when new attacks appear. Based on this model we have implemented the rough set based network intrusion detection system (RSNIDS). Compared with other methods, our method requires a smaller size of training data set and less effort to collect training data. Experimental results demonstrate that our system is effective and more suitable for online intrusion detection.