
Data Mining-based Intrusion Detection System

Posted on: 2008-10-10
Degree: Master
Type: Thesis
Country: China
Candidate: Z Y Yang
GTID: 2208360212978937
Subject: Software engineering
Abstract/Summary:
Computer network security has long been a topic of wide concern. Traditional security technologies such as security authentication, authorization, access control, and encryption cannot prevent intrusions that exploit defects in the software and hardware of computer systems. Current firewalls do little to block attacks that target design flaws in programs or that make use of encrypted channels. The Intrusion Detection System (IDS) is an important dynamic security protection technique and an important research area in computer science and technology.

Nevertheless, traditional intrusion detection techniques lack the extensibility and adaptability needed to deal with attacks that are becoming more and more complicated. Knowledge from many other fields has been introduced, and data mining is one of the most active technologies among them. Data mining can extract specified patterns of interest from large datasets. Data mining techniques have therefore been applied to intrusion detection in a large number of research projects, which has greatly promoted the development of intrusion detection.

We first set out the definitions of intrusion detection and data mining, and the background and current status of research on IDS. We then introduce four classic data mining (DM) techniques and analyze data mining techniques for IDS. Based on this research, an IDS framework is designed that combines misuse detection and anomaly detection. The framework is distributed and self-adaptive. The rule base of the IDS is analyzed and designed in detail.

To address the low efficiency of the traditional pattern matching algorithms used in intrusion detection, an encoding method for association rules and episode rules is studied. Using the encoding algorithm, the patterns mined by data mining are quantified, and a detection method based on rule encoding is then designed. Quantifying the mined patterns provides an easy and feasible way for an IDS to detect intrusions highly effectively in high-traffic networks. Finally, the experimental results show that the quantitative detection rate is faster than the traditional pattern matching detection rate. The dissertation also points out the factors that need attention when using quantitative detection based on pattern encoding.
Keywords/Search Tags: Intrusion detection, data mining, pattern encoding, quantitative detection