
Research About Intrusion Detection Based On Data Mining Algorithms

Posted on: 2014-12-02
Degree: Master
Type: Thesis
Country: China
Candidate: L L Quan
Full Text: PDF
GTID: 2268330425456774
Subject: Computer application technology

Abstract/Summary:
Intrusion detection is the process of finding behavior that violates the security policy of a network or computer system and reacting to it. Research into the types of network attack and into intrusion detection methods showed that conventional intrusion detection methods do not perform well enough on U2R and R2L attacks. These two types of attack can nevertheless pose a great threat to a network or computer system, so it is necessary to improve the detection rate for U2R and R2L.

This paper first analyzes why the detection rate is low for U2R and R2L, and identifies two reasons. First, the large number of redundant records in the KDD CUP99 dataset skews the dataset, so that a learning algorithm learns more from frequent records and less from the other records. Second, unlike DoS and Probe attacks, the data records of U2R and R2L do not have frequent sequential patterns. Thus, if the same detection method is used for R2L/U2R as for DoS/Probe, it is difficult to improve the detection rate of R2L and U2R. Based on these two reasons, this paper proposes an intrusion detection model based on Support Vector Machine (SVM) and Bayesian classification. To reduce the redundant records in the training data, the BIRCH (Balanced Iterative Reducing and Clustering using Hierarchies) algorithm is used. The model uses SVM to detect DoS and Probe and applies Bayesian classification to detect U2R and R2L.

Experimental results showed that the overall detection rate of the model in this paper reached 96.68%, and that for U2R and R2L it was 68.6% and 45.7%. This result is much better than other models mentioned in other papers. The detection rate for R2L is still very low, at less than 50%. The reason is that the test set contains a type of data named snmpgetattack, which also belongs to R2L. The attribute characteristics of snmpgetattack are the same as those of normal data, and it is therefore hard to detect.
Keywords/Search Tags: Intrusion detection, BIRCH clustering, Support Vector Machine (SVM), Bayesian classification, U2R, R2L