An Intrusion Detection System Based On Data Mining

Posted on: 2015-10-02
Degree: Master
Type: Thesis
Country: China
Candidate: Y J Lv
GTID: 2298330467954974
Subject: Computer technology
Abstract/Summary:
With the rapid development of society, the Internet has become an indispensable part of people’s daily life, and the resulting network security issues have received increasing attention. Intrusion detection technology, a proactive defense, is not only an important part of network security but also an important research field of the Internet.

To solve the problem that traditional intrusion detection systems cannot recognize unknown attacks, this paper proposes a method that combines the support vector machine (SVM) with a classifier ensemble to construct an intrusion detection model, applying data mining to the intrusion detection system. A payload feature extraction method is also proposed for feature extraction from network data, and the classifier is constructed with the method above, which can improve the detection rate and decrease the false alarm rate of the system.

The main contributions of the dissertation are summarized as follows:

1) A method is presented to extract the features of malicious packet payloads. This paper applies data mining to the intrusion detection system. In data mining, and especially in classification techniques, feature selection has a critical influence on the final classification performance. Therefore, this paper first extracts effective features from network data; experiments show that these features give good detection efficiency on malicious network packet payloads and malicious code.

2) A good classifier is constructed. The classifier is an important factor that directly determines not only the effect of classification but also the performance of the detection system. This paper combines classifier ensemble technology with the support vector machine as the main classifier and presents a classifier ensemble method with good performance. Experiments showed that, compared with the classical Bagging and Boosting algorithms, this method achieves better accuracy, false positive rate and generalization performance.

3) An intrusion detection system is designed and implemented. This paper integrates the feature extraction and classifier construction methods, designs and implements an intrusion detection system, and realizes the functions of network data capture, analysis, classification and detection alarm.
Keywords/Search Tags: intrusion detection system, data mining, svm, classifier ensemble, feature extraction