Hybrid Technology-based Intrusion Detection System Research And Design

Posted on: 2008-12-07
Degree: Master
Type: Thesis
Country: China
Candidate: H Guo
Full Text: PDF
GTID: 2208360242966365
Subject: Software engineering

Abstract/Summary:
With the extensive application of networks and the development of network technology, especially hacking technology, network security is attracting increasingly widespread attention. To protect the network environment more fully, attacks need to be found in a timely and effective manner, and measures taken before such behavior causes damage to systems and data. An Intrusion Detection System is one such tool for network security. It takes data analysis as its core, adopts an active defense strategy, and has become an important protective barrier against network attacks. Data mining, as an effective means of data analysis, has naturally been introduced into intrusion detection systems, and intrusion detection based on data mining has become a hot research topic.

This paper takes the Intrusion Detection System based on data mining as its focus. First, it researches and analyzes Intrusion Detection Systems and data mining technology. Then it discusses the application in intrusion detection of the Apriori algorithm, a data mining method based on association rule mining. Currently, data mining in Intrusion Detection Systems is mainly concerned with knowledge discovery from network data header information and neglects the mining of network data payload information. This paper transforms the Apriori algorithm so that it can find signature information in network data payloads; the discovered signature rules help improve the Snort rule set. On this basis, this paper designs and implements an Intrusion Detection System based on Snort.

The main work is as follows. First, this paper describes the background knowledge and the current state of this research at home and abroad. Second, it describes the basic concepts of the Intrusion Detection System, its classification, commonly used detection technologies and general system structure. Third, it describes data mining and knowledge discovery and some of the major data mining technologies. Fourth, it analyzes in detail the rule-based, lightweight Intrusion Detection System Snort and the association-rule-based data mining algorithm Apriori and its improvement. We design and implement an Intrusion Detection System based on the open source system Snort, in which we introduce the Apriori algorithm to process the data for data mining, in order to improve the Snort rules and provide support for the decision-making mechanism.

The main contributions of this paper are that it introduces data mining technology into the Intrusion Detection System, and designs and implements a hybrid Intrusion Detection System based on the open source Snort; and that it transforms the traditional Apriori algorithm so that it can be used to find signatures in network data payloads.

Through practical application and deployment, the current system can effectively detect known types of attacks and some unknown attacks, fully testing the effectiveness of the system.
Keywords/Search Tags:Intrusion Detection, Data Mining, Association Rules Mining, Snort System, Apriori Algorithm