
Research Of Outliers Mining Applied In Snort System Improvement

Posted on: 2015-11-11
Degree: Master
Type: Thesis
Country: China
Candidate: F Wang
GTID: 2308330461997089
Subject: Computer technology
Abstract/Summary:
Intrusion detection can be divided into misuse detection and anomaly detection. The Snort network intrusion detection system works by feature matching. Because it is open source and uses a plug-in mechanism, Snort has attracted the attention of many researchers who work on intrusion detection. Snort performs intrusion detection at a low level, by matching signatures against network packets, which is complicated and not easy to understand. The attributes of the KDD99 data set are a better abstraction of the characteristics of network behavior: intrusion detection based on KDD99 attribute sets is more intelligible and more concise, and it can detect unknown intrusion types and variants of known types. This research therefore uses some of the KDD99 attributes to detect outliers. It analyzes the attributes and characteristics of intrusions, calculates the information gain of each attribute, and uses a reasonably chosen subset of the KDD99 attributes in the improved Snort intrusion detection system. Because Snort uses pattern matching, it has high detection efficiency, but it cannot effectively detect unknown intrusion types or variants of known types. This research designs a simple outlier detection algorithm and applies it to the Snort system, giving Snort the ability to detect unknown intrusion types and variants of known types. The improved Snort system follows a new intrusion detection process, based on Snort's own process, that is divided into an offline detection part and an online detection part: Snort's signature matching is the online part and the outlier detection method is the offline part, so the improved system improves the effect of intrusion detection while preserving its high efficiency. Finally, experiments verify that the deviation-based outlier detection design can detect unknown intrusions in an intrusion detection system, so the designed outlier detection algorithm can be used in the Snort system to improve its detection effect.
Keywords/Search Tags: Intrusion detection, Data mining, Outliers mining, Snort, Feature extraction
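The abstract's two steps, ranking KDD99 attributes by information gain and then flagging deviating records in an offline pass, can be sketched as follows. This is an added example, not the thesis's algorithm: the median split used for information gain, the z-score deviation measure, the 3.0 threshold and all record values are assumptions made for illustration.

```python
import math
from collections import Counter
from statistics import mean, median, pstdev

# KDD99 attribute names; every record below is constructed for illustration.
FIELDS = ("duration", "src_bytes", "count", "serror_rate")
TRAIN = [  # labelled history, last column is the label
    (0, 215, 8, 0.00, "normal"), (2, 162, 6, 0.00, "normal"),
    (1, 236, 9, 0.05, "normal"), (0, 233, 7, 0.00, "normal"),
    (3, 239, 10, 0.00, "normal"), (1, 181, 5, 0.10, "normal"),
    (0, 0, 280, 1.00, "attack"), (2, 0, 255, 0.98, "attack"),
    (0, 0, 301, 1.00, "attack"), (3, 0, 290, 0.95, "attack"),
]
NEW = [  # unlabelled records for the offline pass
    (1, 220, 8, 0.00), (0, 230, 40, 0.02), (2, 1200, 7, 0.00),
]

def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def info_gain(rows, col):
    """Information gain of a binary split of column `col` at its median."""
    cut = median(r[col] for r in rows)
    parts = ([r[-1] for r in rows if r[col] <= cut],
             [r[-1] for r in rows if r[col] > cut])
    rest = sum(len(p) / len(rows) * entropy(p) for p in parts if p)
    return entropy([r[-1] for r in rows]) - rest

def select_attributes(rows, k):
    """Column indices of the k attributes with the highest information gain."""
    ranked = sorted(range(len(FIELDS)), key=lambda c: info_gain(rows, c),
                    reverse=True)
    return sorted(ranked[:k])

def build_profile(rows, cols):
    """Mean and standard deviation of each selected attribute over normal rows."""
    normal = [r for r in rows if r[-1] == "normal"]
    return {c: (mean(r[c] for r in normal), pstdev(r[c] for r in normal) or 1.0)
            for c in cols}

def deviation(record, profile):
    """Largest absolute z-score of the record over the profiled attributes."""
    return max(abs(record[c] - m) / s for c, (m, s) in profile.items())

def offline_outliers(records, profile, threshold=3.0):
    """Records whose deviation from the normal profile exceeds the threshold."""
    return [r for r in records if deviation(r, profile) > threshold]
```

On the constructed data, `duration` carries almost no information gain and is dropped, and the two records with an unusual `count` or `src_bytes` are flagged even though no labelled attack in `TRAIN` resembles them.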