| Nowadays the rapid development of network information technology has changed the way of people live profoundly. Meanwhile, the network information security problem has become the focus of research. Intrusion detection technology is an important means of defending network information security. It’s a proactive information security defense technique. As the second line of defense of network information security, intrusion detection technique can compensate for the shortness of traditional information security defending techniques of firewall and information encryption, and consist of a complete information security defense system with the traditional security defense techniques.Data mining is a widely used data analysis and processing technology, which can effectively analyze massive amounts of data and dig out useful knowledge and information. For intrusion detection system, finding of the information related to intrusion is the key to the realization of the intrusion detection system. The application of the data mining in the intrusion detection may take the advantages of data mining, and find the essential characteristics of intrusion from the perspective of data, and improve the performance of intrusion detection system.This paper researched the application of commonly used data mining techniques of clustering, classification and feature extraction, and improved the detection performance of the intrusion detection. First, we studied the application of division based clustering algorithm in intrusion detection. In order to resolve the problem of the effect of the initial cluster centers and number on the detection results, we adopted the affinity propagation clustering algorithm which can automatically decide the clustering centers and number, and combined it with the anomaly detection technique to construct an intrusion detection system. Then we studied the application of classification algorithm in intrusion detection. In order to resolve the problem of accessing the optimal decision plane in traditional KNN classification, we improved the traditional KNN algorithm by introducing the concept of local hyper-plane to it. We can classify the test sample according to the distance between the sample and the local hyper-planes of each types of training samples. Finally, we studied the data preprocess of intrusion detection system. In order to reduce the redundant information in the original data, we constructed a kind of linear discriminant analysis based on the HKNN classification algorithm. This method can extract features from the original data features and effectively reduce the dimension of data and the consumption of computing resources.In order to prove the feasibility and effectiveness of these approaches, we implemented simulation experiments on the KDD CUP99dataset. |
PDF Full Text Request