| To avoid network intrusion, intrusion detection system (IDS) collects and analyzes information on a number of key points through the computer network or computer system, and finds whether the network or system security policy is a violation of the behavior and signs of attack. Data mining is an analytical tool used to extract large amounts of data in which the implicit and potentially useful information and knowledge. Therefore, the hidden information can be extracted as much as possible with the use of data mining technology, so as to achieve the best detection results.In this dissertation, after researching intrusion detection system based on data mining technology, two kinds of algorithms are proposed, which can improve the detection performance of the whole system and reduce the false alarm rate effectively.The major innovations of this dissertation are as follows:1. An improved k-means clustering algorithm is proposed to solve the limitation of the classical k-means clustering algorithm: over-reliance on the initial cluster centers and the excessive number of iterations. The new algorithm improves the clustering efficiency and is confirmed to be feasibility though simulation experiments.2. A fast multi-constrained Apriori Algorithm is proposed after data pre-processing, a large data set could be divided into several small data blocks. Then using the new clustering center of the small data blocks, the new algorithm with the time-series constraint could generate frequent itemsets quickly. It solve the problem that proceeding large I/O load when it scans the transaction databases Considering not every event with strong rules are fun events, the new algorithm using the ellipse function as decreasing support and improve the pruning process, which makes detection rate better. The algorithm is proved that can improve running efficiency and get better detection rate. |
PDF Full Text Request