
The Application Of Data Mining Technology In Intrusion Detection System

Posted on: 2013-08-19
Degree: Master
Type: Thesis
Country: China
Candidate: P Chen
Full Text: PDF
GTID: 2248330377953625
Subject: Computer application technology

Abstract/Summary:
With the increasing informatization of human society, people's dependence on the network is growing, and computer network security has received widespread attention. Traditional network security technologies, which rely on authentication, authorization, access control, encryption and similar methods, cannot stop illegal activities that invade computer systems through shortcomings in computer hardware and software. As an advanced dynamic security protection technology, intrusion detection is well suited to finding these illegal acts, and it has become a very important area of research in computer science and technology.

Today, the self-learning and adaptive abilities of intrusion detection systems are still inadequate, and the adaptability and scalability of intrusion detection technology have been unable to cope with increasingly complex attacks. Data mining can automatically find content and patterns of interest in massive data. Therefore, data mining techniques are being used in many intrusion detection research projects. In this area, I have done the following research work in this paper:

(1) I analyzed the association rule mining algorithm in detail and found that the traditional deletion of candidate itemsets can be further improved. I focused on improving the procedure the Apriori algorithm uses to generate candidate itemsets, and give an improved method that combines deleting frequent itemsets participating in the self-join with pre-pruning. Because the algorithm is used here to find correlations between the attributes of normal connection records, I also made some improvements to the rule generation method for association rules.

(2) I described in detail how to collect real-time network data and convert it into the form of network connection records. Based on the needs of association rule mining and the statistical significance of the attribute values of network connection records, I propose a method for discretizing continuous attribute values.

(3) I proposed and described an intrusion detection system model based on data mining technology. It combines traditional misuse detection based on pattern matching with an anomaly detection method based on association rules. To keep the normal pattern set up to date, real-time frequent pattern mining is carried out in the system. At the same time, intrusion detection result data are added to the training data set at regular intervals.

Simulation experiments show that the improved algorithm is better than the original algorithm. It reduces processing time, improves the system detection rate, and achieves the goal of improving intrusion detection quality. Therefore, it has some theoretical and practical value.
Keywords/Search Tags:intrusion detection system, data mining, association rule algorithm, discretization
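The pipeline the abstract outlines (discretize connection records, mine frequent patterns from normal traffic, flag records that deviate from them) can be illustrated with the following added example, which is not code from the thesis. It uses textbook Apriori rather than the thesis's improved variant; the sample records, bin edges, support threshold and the `anomaly_score` heuristic are all assumptions made for illustration.

```python
from itertools import combinations

# Constructed "normal" connections: (protocol, service, flag, duration_s, src_bytes)
NORMAL = [("tcp", "http", "SF", d, b) for d, b in [(0.4, 320), (0.2, 450), (0.9, 800), (0.3, 210)]]
NORMAL += [("tcp", "smtp", "SF", 2.0, 1500), ("tcp", "smtp", "SF", 3.5, 2400),
           ("udp", "dns", "SF", 0.1, 60), ("udp", "dns", "SF", 0.05, 45)]

def discretize(rec):
    """Turn one connection record into attribute=value items; bin edges are assumed."""
    proto, service, flag, duration, src_bytes = rec
    dur = "short" if duration < 1 else "medium" if duration < 60 else "long"
    size = "small" if src_bytes < 1000 else "medium" if src_bytes < 100_000 else "large"
    return frozenset({f"proto={proto}", f"service={service}", f"flag={flag}",
                      f"duration={dur}", f"src_bytes={size}"})

def apriori(transactions, min_support):
    """Textbook Apriori: return {itemset: count} for every frequent itemset."""
    n_min = min_support * len(transactions)
    counts = {}
    for t in transactions:
        for item in t:
            key = frozenset([item])
            counts[key] = counts.get(key, 0) + 1
    level = {s: c for s, c in counts.items() if c >= n_min}
    frequent, k = dict(level), 2
    while level:
        prev = set(level)
        # Self-join the (k-1)-itemsets, then prune any candidate that has an
        # infrequent (k-1)-subset before paying for a pass over the data.
        cands = {a | b for a in prev for b in prev if len(a | b) == k}
        cands = {c for c in cands
                 if all(frozenset(s) in prev for s in combinations(c, k - 1))}
        level = {}
        for c in cands:
            n = sum(1 for t in transactions if c <= t)
            if n >= n_min:
                level[c] = n
        frequent.update(level)
        k += 1
    return frequent

def anomaly_score(rec, frequent, size=2):
    """Fraction of the record's attribute combinations absent from the normal pattern set."""
    combos = [frozenset(c) for c in combinations(sorted(discretize(rec)), size)]
    return sum(c not in frequent for c in combos) / len(combos)

if __name__ == "__main__":
    normal_patterns = apriori([discretize(r) for r in NORMAL], min_support=0.25)
    for rec in [("tcp", "http", "SF", 0.5, 500), ("tcp", "http", "S0", 0.0, 0)]:
        print(rec, anomaly_score(rec, normal_patterns))
```

A record scoring 0 matches the mined normal patterns on every attribute pair; higher scores mean more attribute combinations that were never frequent in the training data.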