
Intrusion Detection System Design And Implementation Based On The Honeypot And Data Mining

Posted on: 2013-07-27
Degree: Master
Type: Thesis
Country: China
Candidate: C Zhang
Full Text: PDF
GTID: 2268330392470091
Subject: Electronics and Communications Engineering
Abstract/Summary:
With the popularity and rapid development of the Internet, people gain a great deal of convenience but also face a variety of problems. The most serious of these is network security, which poses a serious threat to users' information. In the face of these security threats, network protection technology is developing rapidly to cope with them.

An intrusion detection system (IDS) monitors network traffic to detect known attacks. Many mature products exist, and it complements firewall technology and improves flexibility. The shortcomings of an intrusion detection system are that it cannot detect unknown attacks, that its missed-detection (false negative) and false-alarm (false positive) rates are high, and that it occupies a passive position in network protection. A honeypot system is a system with defects. It is deployed on a virtual machine or physical host, actively attracts network attacks, and records the attacker's behavior, but it does so without basic network protection. The "active" behavior of the honeypot makes up for the "passive" shortcomings of the intrusion detection system. Combining their advantages will greatly improve the effectiveness of network security.

After analyzing the advantages and disadvantages of intrusion detection systems and honeypot systems, this dissertation designs an intrusion detection system based on honeypot and data mining technology. Data mining techniques are applied to the field of network security: a clustering algorithm and an association rules algorithm are designed and improved according to the characteristics of the honeypot system and of network security. The attack behavior data collected by the honeypot is analyzed with these data mining techniques, yielding more valuable results. The conclusions of the data mining are converted into rules for the rule base of the intrusion detection system, then stored in the rule base to update it, in order to improve the detection capability of the IDS. The rule base update was achieved. Testing showed that the system can effectively improve the performance of the intrusion detection system, and the expected goal was achieved.
Keywords/Search Tags: Network Security, IDS, Virtual Honeypot, Data Mining