
Intrusion Detection Pattern Mining Technology Research

Posted on: 2009-01-15
Degree: Master
Type: Thesis
Country: China
Candidate: L Wu
Full Text: PDF
GTID: 2208360248452934
Subject: Computer application technology
Abstract/Summary:
As an important security inspection approach, the Intrusion Detection System (IDS) supports the protection of computer systems against external and internal intrusion. Because of the difficulty of dealing with large amounts of data, existing intrusion detection systems have high distortion ratios and poor real-time capabilities. The advantage of data mining (DM) lies in finding patterns and features in large amounts of data. To improve the detection ability of the system as a whole and to effectively reduce the false-positive and false-negative rates, this thesis applies DM technology to a traditional IDS to greatly improve the updating of its rules. The mining of association and sequential rules can be applied to intrusion detection and thereby yield an intrusion rule base. The main work is as follows:

1. By studying and analyzing the defects of traditional IDS, we point out that rule extraction for an IDS relies mainly on how efficiently the huge amount of network data can be processed. DM technology is exactly a powerful data processing tool that can extract knowledge and rules from immense amounts of data. The necessity of applying DM technology in IDS is explained.

2. Based on an in-depth study of the common data mining algorithms, and in order to improve the efficiency of the algorithm and obtain useful rules, we improve the association rules algorithm with respect to both the algorithm itself and the environment of practical application. Experiments are then used to prove the effectiveness of our algorithm. For mining sequential patterns in this application, we put forward a corresponding scheme.

3. We discuss the basic circumstances of intrusion detection in which data mining algorithms have been used. Then, aiming at the characteristics of misuse intrusion detection systems, we propose a strategy that mixes association rule and sequence pattern mining algorithms, and describe in detail the process of using the improved algorithm to mine network connection data and translate the patterns into intrusion detection rules. Experiments are then used to prove the effectiveness of our strategy in constructing an intrusion detection system. Our solution can also effectively mine signatures that appear in the packet payload of an attack, which is currently a difficulty in intrusion detection, thereby effectively improving the detection rate for such attacks.

4. Based on some problems existing in previous work, we use data mining technology to construct the normal behavior pattern of the system; we combine misuse detection and anomaly detection, and give an improved model of an intrusion detection system.
Keywords/Search Tags: Intrusion Detection, Data Mining, Association Rule, Sequence Pattern