
Research On Network Intrusion Detection Based On Data Mining

Posted on: 2015-03-30
Degree: Master
Type: Thesis
Country: China
Candidate: L Hu
Full Text: PDF
GTID: 2268330428963322
Subject: Computer software and theory

Abstract/Summary:
With the rapid development of computer technology, especially network technology, and the rise of electronic banking, e-commerce and e-government, computer networks have reached deep into every aspect of work and life. With the wide application of networks and the rapid increase in data transmitted across them, networks bring people great convenience but also bring a huge security risk at the same time. Network security problems are becoming an increasingly serious threat to people's privacy and property safety. Unlike firewall technology, intrusion detection provides real-time monitoring of attacks from both outside and inside the network. An intrusion detection system (IDS) is deployed at key locations to collect data from the network and then identify threatening behavior in the collected data. Traditional intrusion detection techniques include misuse detection and anomaly detection, each of which has its own advantages and disadvantages. Misuse detection has the advantage of a low false detection rate, but it cannot detect new and unknown attacks, so its miss rate is high. Anomaly detection has the advantages of detecting new attacks, good adaptability and a high detection rate, but its drawback is a high false detection rate. Data mining techniques can extract implicit knowledge or rules from huge volumes of data, which fits the needs of intrusion detection. Introducing data mining into network intrusion detection makes it possible to extract the network behavior contained in network data. The biggest advantage of data mining is that it improves the adaptability and efficiency of detection.

This paper analyzes the current status and problems of intrusion detection systems, then builds a misuse detection model based on classification algorithms and an anomaly detection model based on clustering algorithms. It then compares the performance of four classification algorithms on the misuse detection model and of two clustering algorithms on the anomaly detection model. To address the uneven distribution of the various intrusion types in the dataset, a balanced training set is proposed. To address the misjudgment of clustering results, a supervised method is proposed that injects known attack types into the training dataset. To address the shortcomings of the K-means algorithm, a weight vector of attribute importance is introduced to improve the performance of K-means in intrusion detection. For the redundant attributes in KDDCup, the information gain from the decision tree is used to remove them. Finally, a hybrid model is built from the misuse detection model and the anomaly detection model, and HNB (Hidden Naive Bayes) and the improved K-means are applied in it. The data mining tool WEKA is used on KDDCup to analyze the detection performance of the proposed hybrid model.
Keywords/Search Tags: Intrusion detection, data mining, KDDCup, K-means algorithm