Application Of Data Mining Technology Research And Design Of Intrusion Detection Systems

Posted on: 2006-12-22
Degree: Master
Type: Thesis
Country: China
Candidate: B Lu
GTID: 2208360218462656
Subject: Computer application technology
Abstract/Summary:
With the spread of network-based computer systems and the growth of electronic commerce and electronic government, security issues have become increasingly prominent. The number of attacks grows year after year, and the rate of growth has increased in recent years. As an intrusion prevention technique, intrusion detection is needed as a strong wall protecting computer systems. However, current intrusion detection systems lack effectiveness, adaptability and extensibility and, in particular, become ineffective in the face of new kinds of attacks. To address these shortcomings, this thesis takes a data-centric view of intrusion detection systems (IDS) and describes a framework for constructing intrusion detection models by mining audit data. Classification rules are inductively learned from audit records and used as intrusion detection models. The rules are combined with an existing detection system to construct a new type of intrusion detection system based on data mining techniques.

This thesis first provided background on IDS, its system architecture and its types, and introduced the theory and application of data mining techniques. Because of the shortcomings of current intrusion detection techniques, we focused on the construction of intrusion detection models. The goal of this thesis research is therefore to develop a framework that facilitates systematic and automatic IDS.

We then discussed the problem of classification. After the classification algorithm experiment, we discussed how to build classification models from audit data and pointed out that the most important issue is to construct a set of diagnostic properties. Based on analysis of the experimental results, we constructed several features for the intrusion detection models and proved the feasibility of building an intrusion model using a classification algorithm.

Subsequently, based on the Snort architecture, we built a misuse intrusion detection architecture whose detection model comes from the data mining process. We designed Snort/DM, an intrusion detection system based on data mining techniques, which includes a learning intelligent agent and a detecting intelligent agent; analyzed the structure of the prototype system, which is built on Linux; and introduced the detailed design of its important modules.
Keywords/Search Tags: data mining, computer security, Network-based intrusion detection system, misuse detection, Snort