Application Research On Data Mining To Intrusion Detection

Posted on: 2016-11-04
Degree: Master
Type: Thesis
Country: China
Candidate: N Zhang
GTID: 2308330473957211
Subject: Computer application technology

Abstract/Summary:
As networks continue to drive the informatization process, how to deal with malicious network attacks has become a very important research subject. As an important part of network security technology, intrusion detection can quickly detect and respond to malicious attacks in the network environment, but it still suffers from problems such as a low detection rate and high rates of false positives and false negatives. Association rule mining, a data mining technique, can meet the demands of intrusion detection applications. Applying efficient and accurate association rules to an intrusion detection system can effectively improve the accuracy of intrusion detection and so enhance network security.

With respect to association rule mining algorithms and intrusion detection, this thesis does the following work:

1. This thesis analyzes the concept, definitions, and processes of the classic Apriori algorithm and its existing problems, and analyzes improved Apriori algorithms based on partitioning, sampling and hash techniques, as well as the FP-Growth algorithm and the Eclat algorithm.

2. This thesis proposes a frequent itemset search algorithm (the IFPA algorithm) based on a combination of horizontal and vertical scanning techniques. The algorithm scans the database only twice, which reduces I/O consumption, and uses a two-dimensional binary matrix to store the transactional database, which speeds up the calculation of support and thereby the generation of frequent itemsets. The thesis then runs several experiments at different data scales and support thresholds with the T20I6D100K and retail data sets, and compares the IFPA algorithm with the classic Apriori algorithm and the FP-Growth algorithm on frequent itemset search speed. The experimental results show that the IFPA algorithm has a faster search speed. In addition, the thesis analyzes the existing deficiencies of the IFPA algorithm and directions for improving it.

3. This thesis puts forward an intrusion detection model, IAR-IDS, based on the IFPA algorithm. The model can effectively process a hybrid data pool to obtain accurate rules, thereby raising the detection rate and reducing the false positive and false negative rates of the intrusion detection system. The thesis describes in detail the main tasks and processes at each stage of the IAR-IDS model, and gives an evaluation of the intrusion detection model.

4. This thesis implements the IAR-IDS model in a program and runs several experiments at different data scales with the KDD CUP 99 training and testing data sets, and then compares the IAR-IDS model with the Crisp DM model and the Fuzzy DM model on the detection rate, false positive rate and false negative rate of the intrusion detection system. The experimental results show that the IAR-IDS model achieves good detection accuracy at different data scales, and in particular reduces the false positive and false negative rates of the intrusion detection system.

The experimental results show that the IFPA algorithm speeds up the generation of frequent itemsets in association rule mining, and that the IAR-IDS model based on the IFPA algorithm effectively improves the accuracy of the intrusion detection system.
Keywords/Search Tags: intrusion detection, data mining, association rules, Apriori algorithm
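
The idea in item 2 of the abstract (two database scans, a binary matrix, support computed from its columns) can be illustrated as follows. This is an added example, not the thesis's IFPA algorithm or code, whose details the abstract does not give: the connection records are constructed with KDD CUP 99-style attribute names, the function names are hypothetical, and candidate generation is plain level-wise Apriori.

```python
from itertools import combinations

# Constructed sample: each transaction is the set of discretized attributes of
# one connection record (KDD CUP 99-style names; values invented for this example).
TRANSACTIONS = [
    {"proto=tcp", "service=http", "flag=SF", "label=normal"},
    {"proto=tcp", "service=http", "flag=SF", "label=normal"},
    {"proto=tcp", "service=private", "flag=S0", "label=attack"},
    {"proto=tcp", "service=private", "flag=S0", "label=attack"},
    {"proto=tcp", "service=private", "flag=S0", "label=attack"},
    {"proto=udp", "service=domain_u", "flag=SF", "label=normal"},
]

def build_columns(transactions, min_count):
    """Two passes over the data: count items, then build one bit column per frequent item."""
    counts = {}
    for t in transactions:                      # scan 1: item frequencies
        for item in t:
            counts[item] = counts.get(item, 0) + 1
    columns = {i: 0 for i, c in counts.items() if c >= min_count}
    for row, t in enumerate(transactions):      # scan 2: fill the binary matrix
        for item in t:
            if item in columns:
                columns[item] |= 1 << row       # bit `row` set = item present in that record
    return columns

def support(itemset, columns):
    """Support count of a non-empty itemset = popcount of the AND of its columns."""
    bits = -1                                   # all ones; narrowed by each column
    for item in itemset:
        bits &= columns[item]
    return bin(bits).count("1")

def frequent_itemsets(transactions, min_count):
    """Level-wise search; after build_columns the raw transactions are never read again."""
    columns = build_columns(transactions, min_count)
    level = {frozenset([i]): support([i], columns) for i in columns}
    result = dict(level)
    while level:
        size = len(next(iter(level))) + 1
        candidates = {a | b for a in level for b in level if len(a | b) == size}
        level = {}
        for cand in candidates:
            # Apriori pruning: every (size-1)-subset must already be frequent
            if all(frozenset(s) in result for s in combinations(cand, size - 1)):
                n = support(cand, columns)
                if n >= min_count:
                    level[cand] = n
        result.update(level)
    return result
```

Itemsets that contain a `label=` item are the raw material for detection rules: the ratio of the itemset's support to the support of its non-label part is the rule's confidence.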