Research On Campus Network Intrusion Detecting System Based On Data Mining

With the unceasing improvement of information construction at college,scale of campus network keeps growing and network has become necessary tool for campus teaching,scientific research and office work.People have higher requirement for information security.Although campus network brings convenience to teachers and students,it also causes potential safety hazard.Intrusion Detection Technology,which can take the initiative to defend against malicious attacks,makes up the deficiency of the firewall technology and becomes the second network information security line of defense after the Firewall.With the increasing enrollment of colleges and universities,the number of network users keeps growing.In high speed network environment,information volume shows Geometric digital growth and network attacks becomes more and more hidden,so how to find out the network intrusion behavior data packets from the mass information quickly has become a research topic of many scholars.Data mining techniques can find out useful information from a large number of data,which may be potential,unknown,and very valuable knowledge.Intrusion detection is a process of classifying network normal packets and abnormal packets.Since the two technique is to analyze and deal with data,using the data mining technology into intrusion detection can develop the ability of handling large data for data mining,improve the speed of intrusion detection,reduced human participation and make intrusion detection system more intelligent.The thesis introduces the problem existing in campus security,describes the intrusion detection technology and data mining technology and proposes the architecture of campus network intrusion detection system based on data mining.The thesis also use classic open source Snort Intrusion Detection System,introduce the function of each module and increase the cluster analysis module,Pre detection engine module,rule generation module on the basis of the original function module of Snort.Cluster analyzes module uses k-means algorithm,mines network normal behavior data packet feature and forms the network normal behavior pattern.The he working principle of the pre detection engine module and the cluster analysis module is similar,but Pre detection module is only responsible for the detection but not dividing.Rule generation module adopts Apriori and FP-growth algorithm and digs the interesting association or correlation of the data in a log record to get characteristics of new intrusion behaviors,form new intrusion rules and add them to snort intrusion rule base.Campus network intrusion detection system based on Data Mining uses the snort's open source,implant clustering analysis k-means algorithm and association rules Apriori algorithm into Snort Intrusion Detection System and improve the efficiency and accuracy of intrusion detection.The thesis introduces advantages and disadvantages of the two algorithms and proposes improved algorithm of two algorithms based on the requirement of intrusion detection system in campus network.Improved algorithms of Apriori and k-means are added to Snort system and accomplish the design of campus network intrusion detection system based on Data mining.It's proved through experiment that the system improves its detection efficiency and quality.