| Information security is different from the traditional security technology, which emphasizes information systems throughout the life cycle of defense and recovery. Intrusion Detection System as an important part of information security systems can settle well the problems which the traditional protection mechanisms probably cannot.Since the data stream emerges fast and quickly results in a big amount of data, the traditional data mining technology which can hardly meet the requirements are facing new challenges.Due to the intrinsic characteristics of high network traffic and transport volume of data streams, this article studies of the incremental decision tree algorithm and tries to understand the network data stream from the perspective of data stream mining. Traditional decision tree algorithm handles discrete data in a batch processing approach. When facing continuous attributes, the data often require pretreatment before you can use the decision tree classification algorithm. For large data sets the batch processing methods are also limited by the physical machine conditions in the form of software and hardware limitation. In order to fulfill the real time needs of intrusion detection and network Data stream, this article applies enhanced incremental decision tree algorithms to the online data processing and uses red-black binary trees to reduce the time complexity of decision tree algorithm which can handle continues data and thus promotes the performance of the system response.Finally, using the improved algorithm I've build up a little intrusion detection system using the MIT Darpa 1998 intrusion detection system off-line data as the test data set. The results show that the algorithm can adapt to the task of online real-time detection, with a good detection performance. |
PDF Full Text Request