
Research And Implementation Of The Host-Based System Intrusion Detection

Posted on: 2018-04-26
Degree: Master
Type: Thesis
Country: China
Candidate: Z L Huang
Full Text: PDF
GTID: 2348330536952502
Subject: Computer Science and Technology
Abstract/Summary:
With the rapid development of computer science, system attacks and intrusion behavior increasingly threaten national security and social life. To defend systems and address intrusion detection effectively, system log analysis based on data mining has emerged. Log data records users' access information, which often contains suspicious traces and behavior; log analysis has therefore become an important part of system intrusion detection. However, traditional data mining and intrusion detection technology mostly focuses on web logs and emphasizes the improvement of a single data mining algorithm, so it cannot reliably detect potential threats and attacks in massive network logs. This paper therefore combines data mining with intrusion detection technology to discover security threats and proposes solutions suited to the application site.

This paper proposes a system framework for intrusion detection based on host logs. The detector integrates association data mining, timing analysis, misuse detection and anomaly detection, and consists of three modules: log pre-processing, data mining, and intrusion detection. First, the log pre-processing module extracts, transforms and loads the host log and standardizes its format into structured log records, as data mining requires, so that the records can be read and processed conveniently during mining and analysis. Second, the data mining module uses association rules to find the intrinsic transverse connections among the attributes of the structured log, and uses sequence patterns to analyze the longitudinal link of time between log entries, yielding attribute association rules and cycle rules. After matching, the data is stored in the rule database and the cycle is repeated, so as to obtain the potentially threatening logs. Then, in the intrusion detection module, conventional logs conforming to the safety regulations of the actual scene are filtered out with misuse detection technology, while anomaly detection finds abnormal behavior of other users and yields a "suspicious" log data set. Drawing on safety experience, the final "suspicious" events are comprehensively analyzed and processed so as to ensure network security. Finally, the log analysis system combining data mining and intrusion detection is implemented, and many intrusion modules are obtained from the test data structure. The ratio of successfully filtered logs is up to 97-99%, and the detection rate is 20% higher than that of a single data mining algorithm. This demonstrates the advantage and efficiency of the system framework in intrusion detection based on host log analysis.
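The three-module pipeline described in the abstract (log pre-processing, data mining with association rules and timing analysis, then misuse filtering followed by anomaly detection) can be sketched in miniature. The following is an added example written for this page, not the thesis author's system: the syslog-style sample lines are constructed, the attribute names, the support/confidence thresholds, the "internal network and business hours" safety regulation and the per-user source baseline are all assumptions chosen to make the stages visible on a handful of records.

```python
"""Miniature host-log analysis pipeline (added example, not the thesis code):
1. pre-process free-text auth lines into structured records,
2. mine attribute association rules and per-source cycle rules,
3. filter records that conform to an assumed safety regulation (misuse side),
   then flag the remainder with the mined rules and a per-user anomaly baseline."""
import re
from collections import Counter, defaultdict
from datetime import datetime
from itertools import combinations

# Constructed sample log (not real data). One cron line is included to show
# that unrelated records are dropped at the pre-processing stage.
RAW_LOG = """\
2024-03-01 09:00:00 host1 sshd[101]: Accepted password for alice from 10.0.0.5 port 5000 ssh2
2024-03-01 09:00:05 host1 sshd[102]: Failed password for root from 203.0.113.7 port 4001 ssh2
2024-03-01 09:00:10 host1 sshd[103]: Failed password for root from 203.0.113.7 port 4002 ssh2
2024-03-01 09:00:15 host1 sshd[104]: Failed password for root from 203.0.113.7 port 4003 ssh2
2024-03-01 09:00:20 host1 sshd[105]: Failed password for root from 203.0.113.7 port 4004 ssh2
2024-03-01 09:30:00 host1 sshd[106]: Accepted password for bob from 10.0.0.6 port 5001 ssh2
2024-03-01 23:10:00 host1 sshd[107]: Accepted publickey for alice from 198.51.100.9 port 6000 ssh2
2024-03-01 09:45:00 host1 cron[200]: (root) CMD (run-parts /etc/cron.hourly)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>\w+)\[\d+\]: (?P<result>Accepted|Failed) \w+ for "
    r"(?P<user>\S+) from (?P<src>\S+)"
)

def preprocess(raw):
    """Module 1: extract/transform the text lines into structured, time-ordered records."""
    records = []
    for line in raw.splitlines():
        m = LINE_RE.match(line)
        if not m:  # lines outside the auth schema (e.g. cron) are not loaded
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
        records.append(rec)
    return sorted(records, key=lambda r: r["ts"])

def mine_association_rules(records, min_support=0.4, min_confidence=0.9):
    """Module 2a: transverse links. Each record is an itemset {attr=value}; a rule
    A -> B is kept when support(A,B) and confidence = support(A,B)/support(A) pass."""
    attrs = ("result", "user", "src")
    itemsets = [{f"{a}={r[a]}" for a in attrs} for r in records]
    n = len(itemsets)
    single = Counter(item for s in itemsets for item in s)
    pairs = Counter()
    for s in itemsets:
        for a, b in combinations(sorted(s), 2):
            pairs[(a, b)] += 1
    rules = {}
    for (a, b), count in pairs.items():
        if count / n < min_support:
            continue
        for lhs, rhs in ((a, b), (b, a)):
            conf = count / single[lhs]
            if conf >= min_confidence:
                rules[(lhs, rhs)] = conf
    return rules

def mine_cycle_rules(records, min_events=3, max_jitter_s=1.0):
    """Module 2b: longitudinal (time) links. A source whose inter-event gaps are
    near-constant over min_events or more events yields a cycle rule (period in s)."""
    by_src = defaultdict(list)
    for r in records:
        by_src[r["src"]].append(r["ts"])
    cycles = {}
    for src, times in by_src.items():
        if len(times) < min_events:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if max(gaps) - min(gaps) <= max_jitter_s:
            cycles[src] = sum(gaps) / len(gaps)
    return cycles

SAFE_NETS = ("10.",)           # assumption: internal address space is trusted
BUSINESS_HOURS = range(8, 19)  # assumption: 08:00-18:59 is normal working time

def conforms_to_policy(rec):
    """Misuse-detection side: a successful internal login in business hours is routine."""
    return (rec["result"] == "Accepted"
            and rec["src"].startswith(SAFE_NETS)
            and rec["ts"].hour in BUSINESS_HOURS)

def detect(records, rules, cycles):
    """Module 3: drop routine records, then flag the rest with mined rules and
    a per-user baseline of sources learned from the routine records."""
    routine = [r for r in records if conforms_to_policy(r)]
    remaining = [r for r in records if not conforms_to_policy(r)]
    baseline = defaultdict(set)
    for r in routine:
        baseline[r["user"]].add(r["src"])
    suspicious = []
    for r in remaining:
        reasons = []
        if r["src"] in cycles:
            reasons.append(f"periodic activity from {r['src']} every {cycles[r['src']]:.0f}s")
        if (f"src={r['src']}", "result=Failed") in rules:
            reasons.append("source strongly associated with failed logins")
        if r["result"] == "Accepted" and r["src"] not in baseline[r["user"]]:
            reasons.append(f"{r['user']} logged in from a source outside their baseline")
        if reasons:
            suspicious.append((r["ts"].isoformat(), r["user"], r["src"], reasons))
    return {"routine": len(routine), "remaining": len(remaining), "suspicious": suspicious}

def run_pipeline(raw=RAW_LOG):
    records = preprocess(raw)
    rules = mine_association_rules(records)
    cycles = mine_cycle_rules(records)
    report = detect(records, rules, cycles)
    report.update(parsed=len(records), rules=rules, cycles=cycles)
    return report

if __name__ == "__main__":
    rep = run_pipeline()
    print(f"parsed {rep['parsed']}, routine {rep['routine']}, suspicious {len(rep['suspicious'])}")
    for ts, user, src, reasons in rep["suspicious"]:
        print(ts, user, src, "; ".join(reasons))
```

On the constructed sample the mining stage recovers a cycle rule for the one source that fails every five seconds and an association rule tying that source to failed logins, while the anomaly baseline (built only from records that passed the misuse filter) flags the off-hours login from an address the user has never used. The filtered ratio here is far below the 97-99% the thesis reports because the sample is tiny and deliberately dense with events of interest; the stage boundaries, not the numbers, are the point.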
Keywords/Search Tags:Log analysis, Data Mining, Intrusion detection, Host log