
Research And Application Of Intrusion Detection System Based On Data Stream Mining

Posted on: 2011-03-02
Degree: Master
Type: Thesis
Country: China
Candidate: J J Tan
GTID: 2248330338496209
Subject: Computer application technology

Abstract/Summary:
Intrusion detection software plays an important role in security systems. Over the past decade, data mining in intrusion detection systems has been studied extensively. With changing practical requirements and advances in technology, network speeds keep increasing. As a result, network data mostly takes the form of data streams, acquiring knowledge from a data stream is becoming increasingly important, and the advantages of data stream mining technology are gradually becoming apparent. Applying data stream mining techniques to an intrusion detection system has the following advantages: it improves the real-time capability of the intrusion detection system, and it can detect unknown intrusion types. Using data mining methods to extract the flow characteristics of intrusions and to establish a detection model is therefore an important route to automated intrusion detection.

In the data stream environment there are two main challenges. The first is the handling of concept drift: how to find and respond to these changes is a question worth exploring. The second is the requirement for efficiency. In addition, how to apply data stream mining algorithms to intrusion detection systems in practice, so as to fully exploit the advantages of data stream mining, is also a current issue.

The main contents of this thesis are as follows.

First, an intrusion detection model based on data stream mining is proposed. In this model the data flow management system occupies the core position. Using a data flow management system in the model makes unified management of network data possible, which is conducive to applying data stream mining algorithms in intrusion detection.

Second, the Hoeffding tree algorithm is improved so that it can be applied to the data stream environment; sensor methods and Bayesian methods are then combined to improve the algorithm's classification accuracy.

Third, this thesis presents an algorithm named EHPStream, which uses a frequency matrix to handle categorical attributes and the principle of information entropy to handle the problem of high dimensionality. Experimental results on public data sets show that it clusters mixed-attribute data streams with higher cluster purity than the HPStream algorithm.

Finally, the Snort system, a classic intrusion detection system, is extended, and the algorithms described in the preceding chapters are applied to the intrusion detection system. The resulting system can update its rule sets and can also detect unknown types of intrusion or attack.
Keywords/Search Tags: Intrusion detection, Data stream mining, Information entropy, Hoeffding bound, Concept drift