Network Intrusion Detection Method Based On Data Mining Technology

Nowadays, network is widely used in enterprise and institute, network security becomes an important part of network deployment and operation. Firewalls are not a comprehensive protection, while IDS can provide better. IDS based on misuse detection can't detect unknown attack. IDS based on anomaly detection doesn't rely on the intrusion detection characteristic database and can detect unknown attack. So, it is necessary to research and improve the anomaly detection method.Data mining is used to pick useful information from lots of data, while intrusion detection is also a process of classification and filtering. Using data mining technology in intrusion detection makes it have better expansibility and self-adaptation. IDS data is large mount and multi-dimensional, so it is necessary to improve data mining technology according to the application of intrusion detection. Besides, applying data mining technology directly in intrusion detection will bring some problems of data mining algorithm, such as algorithm converges to local optimization, and it will have a bad influence in intrusion detection.This thesis does some research in IDS with data mining technology. It mends clustering algorithm depending on the applications of intrusion detection. It transforms data to numbers and format to standard form, uses a more precise condition to end the algorithm and a better convergence condition. It makes the algorithm analyze intrusion detection data more efficiently; to solve the problem that clustering algorithm converges to local optimization and improve the detection rate, lower the false alarm rate, it uses genetic algorithm to improve the global search ability, which combines genetic algorithm with amended clustering algorithm to a new intrusion detection method GACH. By doing some experiment and test, it is proved that this new intrusion detection method GACH has a high detection rate, low false alarm rate, a better efficiency, good self-adaptation, and avoids the problem that converges to local optimization. So, it can detect intrusions more efficiently and achieve the goal.