Research Of Website Intrusion Detection

Posted on: 2015-03-15
Degree: Master
Type: Thesis
Country: China
Candidate: L L Li
Full Text: PDF
GTID: 2268330428464449
Subject: Computer software and theory
Abstract/Summary:
With the development of information technology, the patterns, carriers and types of network intrusion behavior change rapidly, and actively exploring and analyzing abnormal data to maintain the security of the network platform has become more and more important. Intrusion detection is now an integral part of network platform security and is of great significance for maintaining the security and stability of the network. Current mainstream commercial intrusion detection systems basically follow one of two modes: abuse detection and anomaly detection. Both rely on attack signatures to establish a knowledge base, but the network environment is constantly changing and new network attacks are generated constantly. The weakness of detection modes that rely on a feature knowledge base has begun to show: the knowledge base is updated more slowly than new network attacks appear. This study focuses on two parts: an unsupervised intrusion detection algorithm, and an incremental sequential pattern mining algorithm for database intrusion detection.
First we introduce the status and background of the subject. Second we introduce the overall profile, fundamental principles and the various classifications of intrusion detection systems, and then we describe the basic principles of the corresponding solutions, focusing on intrusion detection based on data mining technology.
The proposed website intrusion detection method implements backbone network intrusion detection on the server side and database intrusion detection on the back end of the website, using currently popular data mining technology combined with the different security contexts of the actual system.
Detecting intrusion behavior hidden in the huge amount of traffic to a Web server has become a hotspot in current intrusion detection research, and how to perform intrusion detection on high-dimensional data streams efficiently and accurately is a problem still to be solved. To achieve efficient and accurate intrusion detection on the server-side backbone network, this paper proposes an unsupervised network intrusion detection method based on FCM-Vote. The method captures anomalous time slices of the backbone network and analyzes the data flow characteristics within each time slice by clustering. We divide the clustering process into three phases: i) dividing subspaces based on attribute relevance; ii) subspace clustering; iii) clustering fusion. According to the results of the cluster analysis, the system screens and filters the data streams that may contain network attacks. Based on these results we establish an FCM-Vote-based unsupervised network intrusion detection system model and put it into concrete experiments. Experiments showed that the FCM-Vote-based network intrusion detection method maintained an intrusion detection rate of more than 95% even as the amount of data kept increasing. Meanwhile, compared with anomaly detection methods that rely on traditional knowledge bases, our method maintained a false alarm rate of not more than 3% on mass data.
On the other hand, because network attacks may come from the inside, database intrusion detection is the other focus of this paper in securing the network platform. Database intrusion detection is not mature in practical applications, and the related research is still in its infancy. In this paper we propose a database intrusion detection method based on incremental sequential pattern mining. The method uses database audit data to construct a set of historically normal rules and uses that rule set to implement database intrusion detection. The researchers tested both normal and abnormal data sets of SQL statements to verify the effectiveness of the algorithm and its tolerance for differences in the rules. The researchers also compared the processing efficiency of different algorithms; the results show that, compared with other database intrusion detection methods, the method based on incremental sequential pattern mining has strong adaptability. Anomaly detection experiments on different SQL statements kept the false positive rate between 2.31% and 4.58%, and the proposed method has better self-adaptability than the traditional method, which is sensitive to its parameters. The efficiency experiments showed that once the sequence set increased to 3000, the traditional methods needed about 10 s of overhead, while the novel method kept the time cost within 1 s, with minimum support set to 7% and running on a single thread.
Through the experimental verification of the two proposed solutions, we show readers not only the experimental realization of the principles and steps of the solutions, but also, by investigating the various schemes, their accuracy, scalability, usability and robustness.
Keywords/Search Tags: Intrusion detection, network security, data mining, sequential patterns, subspace clustering, clustering fusion, voting mechanism, cluster analysis
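
The database part of the abstract (normal rules built from audit data, updated incrementally, filtered by a minimum support) can be illustrated with the sketch below. It is an added example, not the thesis's algorithm: the `verb:table` statement template, the use of contiguous runs as patterns, and the sample sessions are assumptions constructed here; only the 7% minimum support comes from the abstract.

```python
import re
from collections import Counter

_TABLE = re.compile(r"\b(?:from|into|update)\s+([a-z_][a-z0-9_]*)")

def template(sql):
    """Collapse one audited SQL statement to 'verb:table' (assumed normalisation)."""
    s = sql.strip().lower()
    verb = s.split(None, 1)[0] if s else "?"
    m = _TABLE.search(s)
    return f"{verb}:{m.group(1) if m else '?'}"

def patterns(statements, max_len=3):
    """All contiguous template runs of length 1..max_len in one session."""
    seq = [template(s) for s in statements]
    return {tuple(seq[i:i + n]) for n in range(1, max_len + 1)
            for i in range(len(seq) - n + 1)}

class IncrementalRuleSet:
    """Per-pattern session counts, updated one session at a time (no re-scan)."""
    def __init__(self, min_support=0.07):
        self.min_support = min_support
        self.counts = Counter()   # pattern -> number of sessions containing it
        self.sessions = 0

    def add_session(self, statements):
        self.counts.update(patterns(statements))
        self.sessions += 1

    def rules(self):
        floor = self.min_support * self.sessions
        return {p for p, c in self.counts.items() if c >= floor}

    def anomaly_score(self, statements):
        """Fraction of the session's patterns that no normal rule covers."""
        seen = patterns(statements)
        return len(seen - self.rules()) / len(seen) if seen else 0.0

# Constructed audit data: 12 order sessions, 8 browse sessions, 1 rare session.
ORDER = ["SELECT * FROM users WHERE id=7", "SELECT * FROM orders WHERE uid=7",
         "INSERT INTO orders VALUES (7, 'book')"]
BROWSE = ["SELECT * FROM users WHERE id=9", "SELECT * FROM products"]
RARE = ["SELECT * FROM users WHERE id=1", "UPDATE users SET email='a@example.com'"]
ODD = ["SELECT * FROM users", "SELECT * FROM payments", "DELETE FROM audit_log"]

def build_baseline():
    rs = IncrementalRuleSet(min_support=0.07)
    for session in [ORDER] * 12 + [BROWSE] * 8 + [RARE]:
        rs.add_session(session)
    return rs

if __name__ == "__main__":
    rs = build_baseline()
    print(rs.anomaly_score(ORDER), rs.anomaly_score(RARE), rs.anomaly_score(ODD))
    rs.add_session(RARE)  # incremental update: the rare pattern reaches 7% support
    print(rs.anomaly_score(RARE))
```

A session seen once in 21 stays below the support floor and scores as partly anomalous; a second occurrence lifts it into the rule set without re-reading the earlier audit data.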