Research Of Intrusion Detection Based On Data Mining

With the rapid development of computer network technology, people’s work, study and life have become increasingly inseparable from the computer network. At the same time, hacker attacks are increasingly rampant, network security issues become more acute, we urgently need a variety of network security technology to solve the problem of intrusion. Intrusion Detection is a new generation of security technology after "information encryption","firewalls" and other traditional security methods. As an active defense security technology, Intrusion Detection has become the hot spot of research in the field of network security, and has broad prospects for development.Now Intrusion Detection Systems (IDS) have the problems of low accuracy, poor adaptability and low detection efficiency, to solve these problems the paper makes researches on Intrusion Detection based on Data Mining technology, applies a wide variety of Data Mining methods such as classification, clustering and component analysis to the process of intrusion detection, in order to improve the performance of IDS.Firstly the paper analyzes the feasibility of applying decision tree method to IDS, then applies C4.5decision tree algorithm as the classifier to the process of intrusion detection, designs an IDS model based on decision tree, describes the function and design of this model’s each module in detail. In order to improve system performance,"Sample Selection’" and "Feature Extraction" the two pretreatment processes are designed in this model.Next, this paper conducts in-depth study on the two pretreatment processes of "Sample Selection" and "Feature Extraction". After analyzing the defects of several sample selection methods, the paper put forward a clustering-based sample selection method. The method respectively analyzes various types of training data with cluster method to achieve the purpose of breading down the data. On this basis, the method selects the boundary samples and typical samples of each cluster through different strategies. Through the sample selection, the detection efficiency and generalization ability of the classifier are improved. Next the paper introduces the basic principles of the Kernel Principal Component Analysis (KPCA) which is applied to the IDS achieving feature extraction of the samples, and compares its extraction effect with Principal Component Analysis (PCA) method. For the shortcomings of KPCA, the paper put forward a method to improve KPCA by using genetic algorithm. By optimizing selection of extracted features through the genetic algorithms, the IDS performance is further improved. Finally, through simulation experiment on KDDCUP99dataset, it proves the progressiveness of this paper’s researches.