
Research On The Application Of Data Mining Technique In Snort

Posted on: 2013-09-13
Degree: Master
Type: Thesis
Country: China
Candidate: Y Jiang
Full Text: PDF
GTID: 2248330371968757
Subject: Computer technology

Abstract/Summary:
With the development of network technology, there are more and more network attacks, and people are paying increasing attention to network security. Network security has been through a long and continuous development; intrusion detection technology is one part of it and has become a very important part of the information security architecture. It is a proactive security protection technology: it captures network packets and pattern-matches them against the rules in the rule library one by one. But with the rapid growth of network bandwidth, the efficiency and precision of intrusion detection face a huge challenge. Data mining technology can address this.

Firstly, we introduce intrusion detection technology and data mining technology in detail, point out the current problems in the intrusion detection area, and discuss the use of data mining in intrusion detection, which provides a theoretical basis for the proposed data mining-based intrusion detection system.

Secondly, we choose the open source Snort Intrusion Detection System (Snort IDS) as the research object and analyze it in depth, especially its module structure and plug-in mechanism. We introduce the K-means clustering algorithm and the Apriori association rules algorithm in detail, and make some improvements to the two algorithms based on their shortcomings and on the requirements of the data mining-based Snort Intrusion Detection System. We then build a new framework for the Snort IDS with data mining technology. The cluster analysis module plug-in and the pre-detection engine plug-in are designed using the improved K-means algorithm and added to the Snort plug-ins. The feature attaining module plug-in is designed using the improved Apriori algorithm and is also added to the Snort plug-ins. The resulting association rules are transformed into Snort's intrusion detection rules. Specific experiments then show the effectiveness and feasibility of the new system.
Keywords/Search Tags: intrusion detection, Snort, data mining, K-means, Apriori, clustering algorithm, association rules algorithm