The Application Of Outlier Mining In Intrusion Detection

Today, the tide of informationization is sweeping across the globe and Internet has beengetting fast development. The network information has been applied to every department ofcountries and society. While people share the network information together, they feel thatthe question of information safety is becoming more and more serious. It has been a veryimportant for us to guarantee the security of network information. The passive and staticsecurity-defense system from the initial access control mechanism to packets filter and thefirewall techniques of application layer gateway has been already unable to meet thedemands of present security state. In this case, the birth of the intrusion detection system hasbeen impelled. It takes initiative approaches to detect the possible intrusion behaviorsthrough checking the abnormal state of network and system interior data, and giveswarnings or cuts off the intrusion ways. Therefore it remedies the deficiencies of other staticdefense systems.In conventional way, experts analyze data collected by intrusion detection system andextract detection rules or models. Manual analysis is quite expensive because of enormousamount of audit data. Applying data mining technique to intrusion detection can reduceworkload of manual analysis and dependence on experience. Furthmore, data miningtechnique can make the intrusion detection system adapt to new types intrusions.Outlier mining is an important branch of data mining, it can discover abnormal datafrom dataset, and intrusion detection technology is to discover intrusion data, which areabnormal, therefore outlier mining can be used in intrusion detection system and use outlierdetection algorithm to discover intrusion behaviors.This paper makes a detailed introduction of intrusion detection technology and theoutlier mining technology, the outlier mining algorithm applied to intrusion detectionsystem. Then according to the previous algorithm’s shortage we improved it, and the use ofexperiments to verify. Experiments using the KDD99data set, the algorithm can delete thenormal data from data set as soon as possible and not necessary to calculate local reachdistance. This paper use different type of attack training and testing data sets forexperiments. The experimental results show that, the method ensures the high detection rateand low false rate, can be well applied in intrusion detection system.