Application Of Frequent-pattern-based Outlier Mining In Intrusion Detection

Posted on: 2014-08-21
Degree: Master
Type: Thesis
Country: China
Candidate: R Tang
GTID: 2268330392971622
Subject: Computer software and theory
Abstract/Summary:
With the development of information science and technology, information security is attracting more and more attention. The current methods for information security are intrusion detection, firewalls and other information security technologies, among which intrusion detection is the most efficient method for network security. Intrusion detection is a method of information identification and detection, and is capable of predicting and determining the appearance of an intrusion. From the perspective of data flow, intrusion detection is based on data analysis, which is interconnected with data mining (DM) and other related fields. DM is well rooted in the field of information security, for example in fraud analysis in the financial field, analysis of embezzlement modes and recognition of abnormal patterns in the telecommunication industry, and intrusion detection in network management. The DM technique and its application in intrusion detection have stimulated much research effort. Network abnormal behavior detection mostly employs DM algorithms to design prototype systems. The commonly used algorithms include sorting algorithms, clustering algorithms and outlier algorithms, to list just a few, among which the cluster-based outlier algorithm is the most popular one. This approach treats normal behaviors as several normal clusters and treats abnormal behaviors as discrete points. As a result, abnormal data can be found as long as the discrete points are identified. Focusing on the network intrusion environment, many researchers have adapted the outlier algorithm to meet the needs of intrusion detection. This thesis mainly studies the application of the frequent outliers-based DM algorithm in the field of intrusion detection.
Details about the work are elaborated as follows:
① This thesis studies the most commonly used intrusion detection algorithms, classifies and summarizes typical techniques, analyzes the specific advantages and disadvantages of each technique, and discusses problems and their countermeasures.
② This thesis analyzes the frequency-based DM technique, then studies the high-dimensional properties of network data and evaluates the practical performance of the related methods on actual network data.
③ Based on the above analysis, a new frequent-outlier based algorithm is proposed. This algorithm relies on frequency patterns and relation rules. Firstly, it optimizes the computing methods for frequency factors and the frequency computation of each attribute. Secondly, it extracts noise and outliers from data flow or security log data and computes frequent weight outlier factors in the security data to locate the outliers. Finally, abnormal attributes can be automatically classified.
④ To prove the feasibility and advantage of the proposed algorithm, the KDD-CUP-99 network intrusion detection data sets are used for comparison. The simulation results perform well.
Keywords/Search Tags: frequent patterns, outlier, intrusion detection, high dimensional data