
The Intrusion Detection System Based On Data Mining Research

Posted on: 2013-09-17 | Degree: Master | Type: Thesis
Country: China | Candidate: H Z Wang | Full Text: PDF
GTID: 2248330374985695 | Subject: Software engineering
Abstract/Summary:
With the rapid growth of computer networks, intrusions by network viruses and hackers happen frequently. Under such circumstances, the detection system becomes an effective barrier for protecting the safety of a network. Intrusion detection is an information discrimination and detection technology that aims to discover and identify intrusion behaviors. From a data-driven point of view, it is a process of data analysis. Therefore, applying data mining methods to the intrusion detection field is a hot issue in its development.

Firstly, this thesis introduces the current state of network security, defines intrusion detection technology and data mining technology, and then analyzes the Snort Intrusion Detection System. Secondly, the framework of an intrusion detection system based on data mining is implemented. One key focus of this thesis is the design and implementation of the anomaly detection engine and the cluster analysis module based on an improved K-Means clustering, through which the detection efficiency of the Snort system is improved. Another focus is the implementation of the correlation analysis module based on the improved Apriori algorithm, through which the exception logs are found. Thus, the self-learning of rules and the anomaly detection of the Snort system are achieved.

The experiment shows that the Intrusion Detection System based on the Network is helpful to the establishment of the model of normal behaviors and the improvement of the efficiency of intrusion detection. The association analyzer can effectively mine strong association rules, which enables the self-learning of the Intrusion Detection System. Based on the experimental results, the thesis first analyzes the effects of the cluster radius and the threshold θ in K-Means clustering, and then gives some simple suggestions. At the same time, the number of association rules mined by the improved Apriori algorithm is compared under various reliability threshold conditions.
Keywords/Search Tags: Intrusion Detection, Data Mining, Cluster Analysis, Association Analysis