
Research On Intrusion Detection Based On Data Mining

Posted on: 2015-07-25
Degree: Master
Type: Thesis
Country: China
Candidate: T F Yuan
GTID: 2308330473453071
Subject: Information security
Abstract/Summary:
With the popularization and development of the internet around the world, it has come to be widely used in many fields of modern society, such as online shopping, online education, and internet finance. Network-based computer systems play increasingly vital roles in modern society. However, they have become the target of intrusion by enemies and criminals. Information security has become a focus of the information industry and an important part of national security. In addition to intrusion prevention techniques, such as user authentication, avoiding programming errors, and information protection, intrusion detection is often used as another wall to protect computer systems. Intrusion detection techniques can be categorized into anomaly detection and misuse detection. Anomaly detection systems flag observed activities that deviate significantly from established normal usage profiles as anomalies. Misuse detection uses patterns of well-known attacks or weak spots of the system to match and identify known intrusion patterns or signatures. Existing intrusion detection systems rely on expert experience. As an application of machine learning to databases, data mining can provide a basis for intrusion detection through association rules and clustering analysis.
First, the thesis proposes improved algorithms that address the shortcomings of the existing algorithms. It then focuses on the application of data mining technology to existing intrusion detection systems. Finally, it constructs a Storm platform for real-time intrusion detection. The third chapter focuses on the application of data mining techniques in intrusion detection systems, including how SVM classification, K-means clustering, and Apriori association rules are applied to intrusion detection. It then analyzes the improvements to the K-means and Apriori algorithms. The improved K-means obtains a better clustering parameter K. The improved Apriori-FP-tree algorithm, which combines the advantages of the traditional Apriori and FP-Growth algorithms, effectively reduces the number of database scans and the memory consumed. The feasibility of the algorithms is verified on the kddcup99 datasets. The fourth chapter constructs an extension model based on the Snort system. The model is mainly used for real-time transmission of exception logs. It is built on a data platform that contains Scribe, Kafka, and Storm. Scribe collects the Snort exception logs. Kafka handles the active streaming data messages. Storm performs the computation; its output is added to the Snort intrusion rule database and can also be used for the normal-user behavioral models of an anomaly-based intrusion detection system. The fifth chapter briefly summarizes the thesis and outlines the future work that remains.
Keywords/Search Tags: Data Mining, Intrusion Detection, K-means Algorithm, Apriori Algorithm