
Research On Detection Of Hybrid Intrusion Into Network And Host Based On Association Rules

Posted on: 2016-01-04
Degree: Master
Type: Thesis
Country: China
Candidate: B H Wei
GTID: 2348330488459222
Subject: Computer technology
Abstract/Summary:
The rapid development of information technology has also brought network security threats and many related problems. In practice, system administrators face large volumes of intrusion detection alarms and host audit logs and have no clear way to make sense of them. An intrusion detection system that relies on a single form of detection struggles to minimize false positives while keeping a satisfactory detection rate, and commercially deployed distributed hybrid intrusion detection systems, or so-called security management centers, have so poor an input-output ratio that ordinary organizations cannot bear the cost.

In response to this situation, and based on a study of current intrusion detection technology and association analysis mining, this paper proposes a hybrid network-and-host intrusion detection analysis architecture based on association rules. The work covers the following two aspects.

(1) This paper describes its background, significance and research status, together with the development of intrusion detection and the architecture of intrusion detection systems, and describes the different types of intrusion detection systems and their common techniques from the perspective of detection methods and data sources.

(2) This paper presents the architecture of network and host intrusion detection analysis based on association rules, the functions and processes of the related modules, and the association analysis algorithms used. To test and evaluate the effectiveness of applying data mining to network and host intrusion detection analysis based on association rules, this paper uses the MIT Lincoln Laboratory LLSDDOS1.0 dataset and verifies the experimental results against the dataset's intrusion scenario. Compared with the dataset's intrusion scenario description, the reconstructed attack process matches the description exactly, and the intrusion detection and analysis achieved good results.
Keywords/Search Tags: association rules, network and host hybrid architecture, intrusion detection, data mining