
The Design And Implementation Of Intrusion Detection System For The Seventh Oil Production Plant Of Daqing Oilfield

Posted on: 2015-07-04
Degree: Master
Type: Thesis
Country: China
Candidate: J L Liu
GTID: 2308330473452543
Subject: Software engineering

Abstract/Summary:
With the widespread use of the Internet around the world, it has become an important part of people's lives. The Internet is used not only for entertainment but also for work, including remote control of oilfield industrial equipment and networked office work. While the Internet benefits people, it also gives rise to security issues. As network attacks become more and more frequent, the network security problem needs to be solved. Some technologies can help ensure network security, such as intrusion detection technology. This technology can protect the security of the internal network: it not only detects external attacks but also identifies internal misuse.

Research on intrusion detection systems faces a series of problems, such as detection rate, false positives, false negatives, and a high degree of human involvement. As a result, current intrusion detection systems, with their poor adaptability, cannot meet the intrusion detection needs of the existing complex network environment. Human involvement places a serious burden on the system, especially for rules that must be configured manually. Thus, as research on intrusion detection systems has progressed, new automation technology has been introduced into the rule extraction process to reduce the workload of human involvement. Combining intrusion detection with data mining technology is an important path in the intrusion detection field. At present, intrusion detection based on data mining is the core content of intrusion detection research and its development trend. Such an intrusion detection system is more complex than existing intrusion detection systems, and data mining algorithms become the foundation on which the system is built.

This paper analyzes the technologies involved and the company's network security threats, and presents an intrusion detection system framework for the company's network. Based on the framework, the data acquisition module and the data mining module are designed. To meet the needs of the company's network traffic, the system uses a distributed network. The packet capture module uses the latest zero-copy method to implement the capture function under high traffic. The data mining module uses clustering and association analysis techniques, and the Apriori and K-means algorithms are improved in this paper. The framework focuses on the data mining modules to achieve the perception of intrusion information and to lay the foundation for further study of the system.

Finally, based on an implementation of the intrusion detection system in the actual network with real traffic data, comparative tests using classical data sets and stress tests using massive data traffic were carried out. The results show that the system meets the design requirements and provides a security barrier for the company's network.
Keywords/Search Tags:Intrusion detection, Data mining, Clustering algorithm, Association rules algorithm, Zero-copy technology