
The Application Of Data Mining In The Intrusion Detection

Posted on: 2012-09-15
Degree: Master
Type: Thesis
Country: China
Candidate: L M Shen
GTID: 2248330395485367
Subject: Software engineering

Abstract/Summary:
With the rapid development of computer networks, people enjoy the convenience of the network while the requirements for network security keep rising. Traditional security technology cannot meet the growing demand for network security. Intrusion detection is a security technology that followed the firewall; it has matured along with network technology and other related subjects and has become a new line of defense for network security. The key to intrusion detection is distinguishing normal behavior from aggressive behavior in vast amounts of data. However, existing intrusion detection systems have a high false alarm rate, which has become the bottleneck for their further development. Data mining can find knowledge of interest in vast amounts of data, so the process of intrusion detection can be treated as a data mining process. Because the data of intrusion behavior and the data of normal behavior have different characteristics, data mining can distinguish the two kinds of behavior by searching for the internal relationships in the data, with the aim of improving the detection rate and reducing the false alarm rate.

This article introduces intrusion detection technology and its general architecture, starting from the history of intrusion detection and the status of current research, which provides the theoretical basis for designing an intrusion detection model based on data mining. It describes the classical data mining methods and focuses on clustering analysis, the measurement methods for cluster division, and the original K-means algorithm.

Because the original K-means algorithm is sensitive to the initial clustering centers, in this article we use a genetic algorithm to optimize the initial clustering centers. Each clustering center is coded as a chromosome, new clustering centers are generated by crossover and mutation, the K-means algorithm is used to obtain a convergent result quickly, the clustering centers with high fitness are selected as sub-centers, and the process iterates incrementally until the criterion function converges. Through this method, we solved the problem that the original K-means algorithm can easily become trapped in a local optimum.

The original K-means algorithm depends on the order of the input data. We use statistical methods that count the number of each kind of record in each cluster and select a certain percentage of records as outliers. These outliers are removed from their original cluster and then re-clustered.

In this article, we design a simple model that simulates the process of intrusion detection. It includes network data collection, feature selection, data standardization, intrusion detection, and alarm response, and each part is described in detail. We test the effectiveness of the algorithm for intrusion detection on the classical data set (KDD CUP 1999). The experimental results show that, compared with the intrusion detection system, the method and the related study improve efficiency and precision.
Keywords/Search Tags:Data mining, Clustering, Intrusion detection, K-means, Genetic algorithm
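
The genetic-algorithm seeding of K-means described in the abstract, as an added example that is not code from the thesis. The fitness measure (sum of squared errors), one-point crossover, record-replacement mutation, keep-the-fittest-half selection, all parameter values and the sample records are assumptions made for illustration.

```python
import random

def dist2(p, c):
    return sum((a - b) ** 2 for a, b in zip(p, c))

def sse(points, centers):
    # Criterion function: squared distance of each record to its nearest center.
    return sum(min(dist2(p, c) for c in centers) for p in points)

def kmeans(points, centers, iters=5):
    # A few K-means iterations refine one chromosome's centers.
    for _ in range(iters):
        groups = [[] for _ in centers]
        for p in points:
            nearest = min(range(len(centers)), key=lambda i: dist2(p, centers[i]))
            groups[nearest].append(p)
        centers = [tuple(sum(x) / len(g) for x in zip(*g)) if g else c
                   for g, c in zip(groups, centers)]
    return centers

def ga_kmeans(points, k, pop_size=8, generations=10, mut_rate=0.2, seed=1):
    rng = random.Random(seed)
    # Chromosome = list of k centers, seeded from randomly chosen records.
    pop = [kmeans(points, rng.sample(points, k)) for _ in range(pop_size)]
    history = []
    for _ in range(generations):
        pop.sort(key=lambda c: sse(points, c))  # lower SSE = higher fitness
        history.append(sse(points, pop[0]))
        parents = pop[:pop_size // 2]           # fittest half survives (assumed)
        children = []
        while len(parents) + len(children) < pop_size:
            a, b = rng.sample(parents, 2)
            cut = rng.randrange(1, k)           # one-point crossover (assumed)
            child = list(a[:cut]) + list(b[cut:])
            if rng.random() < mut_rate:         # mutation: swap in a random record
                child[rng.randrange(k)] = rng.choice(points)
            children.append(kmeans(points, child))
        pop = parents + children
    best = min(pop, key=lambda c: sse(points, c))
    history.append(sse(points, best))
    return best, history

def sample_records(seed=7, per_cluster=30):
    # Constructed 2-D feature vectors scaled to 0..1, not KDD CUP 1999 data.
    rng = random.Random(seed)
    means = [(0.1, 0.1), (0.5, 0.6), (0.9, 0.2)]
    return [(rng.gauss(mx, 0.03), rng.gauss(my, 0.03))
            for mx, my in means for _ in range(per_cluster)]

if __name__ == "__main__":
    centers, history = ga_kmeans(sample_records(), k=3)
    print(centers, history[0], history[-1])
```

Because the fittest half of each generation is carried over unchanged, the best criterion value in `history` never gets worse from one generation to the next.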