Research On Intrusion Detection Algorithm Based On Fuzzy Association Rules Mining

IDS (Intrusion Detection System) is considered to be the second security gate after the firewall。It can detect whether the network or computer system exist action with violation of security policy or signs of attack,through the collection and analysis of network behavior, security logs, audit data, other information available on the network and computer systems in a number of key points of information, It can intercept and respond to intrusion before the network and computer system are destroyed. It can also monitor the network without affect the performance of network. Intrusion detection technology is a proactive security technologies, which provide real-time protection of internal attacks、external attacks and misuse Operation。In this paper, we research on data mining application in intrusion detection, study and improvement the intrusion detection algorithm based on fuzzy association rules mining. Our main work is as follows:1.We analysis of the current study of data mining application in intrusion detection, analysis of its advantages and disadvantages。A common shortcomings existing on association rule mining algorithm is boundary sharpening. In order to solve this problem, we lead the fuzzy technology into association rule. We also study the commonly used association rule mining algorithm:Apriori, then use the fuzzy technology design our Fuzzy-Apriori. Our last work of this part is design an intrusion detection algorithm based on fuzzy association rules mining.2. In order to maintenance the frequent itemset of intrusion detection faster when the IDS face the incremental update problem, we proposed the methods of incremental mining. We analysis of the existing advantages and disadvantages of incremental update algorithms, Design an improved algorithm for incremental update:FIUA, to solve the real-time shortage of rule set update of Intrusion detection.3. We compare our intrusion detection algorithm based on fuzzy association rules mining to the intrusion detection algorithm based on association rules mining by our experiments. We verify the effectiveness of the algorithm through the comparison of the accuracy, false positive rate, false negative rate between the two algorithm. We also compare our FIUA with FUP by experiments to verify the effectiveness of FIUA.