
Based On A Variety Of Detector Hybrid Intrusion Detection Technology

Posted on: 2008-10-06
Degree: Master
Type: Thesis
Country: China
Candidate: L Y Yu
GTID: 2208360215498309
Subject: Control theory and control engineering

Abstract/Summary:
An intrusion detection system is another important security gate that follows the firewall, digital signatures, access control and other traditional static protective measures. Traditional systems often use pattern matching to carry out detection. However, this method is not ideal in terms of adaptability. Applying data mining brings its strength in handling large volumes of data, raising the efficiency and accuracy of detection in a network intrusion detection system. But a certain rate of false detections still exists.

First, this paper proposes a model of an intrusion detection system that combines two techniques, pattern matching and data mining. The function of each module is analyzed concretely, and an explicit way of realizing it is put forward. In particular, the AC_BM algorithm, a classical multi-pattern matching algorithm, is used for detection in the design of the pattern matching part. Second, the paper analyzes in detail the detection part based on data mining, completes the preprocessing of the original data, constructs a high-accuracy classification model and implements the system functions.

The data preprocessing step is in fact the process of extracting essential features. When a classification model is set up, the choice of characteristic features directly influences the accuracy of the model. Characteristic features come from essential features. An integrated preprocessing process is devised in this text. This process acquires the essential features of connection records from the original data set.

When the classification model is constructed, suitable characteristic features are chosen by analyzing the factors that influence model accuracy and a large number of experimental results. Some classification algorithms, such as ID5 and C4.5, and some of their extended algorithms are explained. By comparison, we chose the C4.5 algorithm, which has the following advantages: easily understood rules, high accuracy and meeting real-time requirements. The connection record transformation, the choice of features and the rule generation function are achieved in this model.

As the experimental results show, the classification model built from the characteristic features can effectively separate "normal" data and "abnormal" data in this system.
Keywords/Search Tags:Intrusion detection, Data mining, classification model, C4.5 algorithm, AC_BM algorithm