
Research And Application Of Data Mining In Intrusion Detection

Posted on: 2020-06-30
Degree: Master
Type: Thesis
Country: China
Candidate: J S Huang
Full Text: PDF
GTID: 2428330572461600
Subject: Electronics and Communications Engineering
Abstract/Summary:
With the continuous development of network technology and the deepening of its applications, the internet has brought more and more convenience to people's lives. At the same time, a large number of security threats of many types are also increasing, and network security issues have caused great concern. As an important part of network security technology, intrusion detection can use acquired computer network and user event information to analyze the current network situation in real time and evaluate the security of computer systems and networks. However, most current intrusion detection systems are based on traditional machine learning methods, which rely on the features that traffic flows have in common to establish a network security domain model, and detection systems rarely consider the relationships among the features of a single traffic flow. Therefore, in this thesis the relationships among network traffic features are mined efficiently by an improved association rule algorithm, and the network traffic security domain is modeled. The main work and innovations of the thesis are as follows:

1. The related knowledge and technology of association rule mining and intrusion detection systems are introduced, and the process and performance defects of the classical Apriori algorithm are analyzed, as well as the improved Apriori algorithms based on hashing, partitioning and transaction compression. Then the fusion of the association rule algorithm with fuzzy set theory and the application of attribute reduction in feature selection are discussed.

2. A Boolean Vector Apriori (BV-Apriori) algorithm, which generates frequent itemsets by interpolation using Boolean vectors, is proposed. The algorithm scans the database once and converts it into a binary two-dimensional matrix. Bitwise operations are used to find the Boolean vectors corresponding to the 1-frequent items. The traditional Apriori algorithm and its improved variants generate frequent itemsets in order, from low-dimensional frequent itemsets to high-dimensional ones. To change this, all frequent itemsets are generated in an interpolation manner based on Boolean vectors. Given the characteristics of the improved algorithm and of distributed systems, the applicability and feasibility of the BV-Apriori algorithm on a distributed platform are discussed. Finally, the BV-Apriori algorithm is compared with the classical Apriori algorithm and the Apriori-BR algorithm to verify its mining efficiency.

3. A Boolean Vector Apriori intrusion detection system (BVA-IDS) model based on the BV-Apriori algorithm is proposed, and the working process and analysis tasks of each stage of the model are introduced in detail. In addition, the fuzzy set technique is introduced to solve the problem of excessive boundary in the continuous data partitioning process. The minimum attribute subset of the original data set is filtered out by the attribute reduction technique. Finally, the model uses the BV-Apriori algorithm to mine potentially useful relationships and patterns and efficiently generate the anomaly detection and misuse detection association rule bases, then completes real-time analysis of the relationships between features and updates the rule base.

4. As the experimental environment for the intrusion detection system, a network monitoring platform based on bypass mirroring was built, and the basic functional modules of the BVA-IDS model were implemented. In addition, KDD CUP 99 was selected as the experimental data set, and multiple sets of comparison experiments with controlled variables were designed. The BVA-IDS model was compared with related models on the intrusion detection system evaluation indexes and the receiver operating characteristic curve. The experimental results show that the BVA-IDS model based on the BV-Apriori algorithm effectively improves the overall accuracy of intrusion detection and reduces the false positive rate and false negative rate.
Keywords/Search Tags:Data mining, Intrusion detection, Apriori algorithm, Boolean Vector, Fuzzy theory
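
The Boolean-vector step described in item 2 (one database scan, a binary matrix, support counting by bitwise operations), shown as an added example that is not code from the thesis. The function names, sample records and thresholds are assumptions, and because the abstract does not describe the interpolation-based generation order, candidates here are generated level by level as in classical Apriori.

```python
from functools import reduce
from itertools import combinations
from operator import and_

# Constructed sample of discretised connection records (not taken from KDD CUP 99).
RECORDS = [
    {"proto=tcp", "service=http", "flag=SF", "label=normal"},
    {"proto=tcp", "service=http", "flag=SF", "label=normal"},
    {"proto=tcp", "service=private", "flag=S0", "label=attack"},
    {"proto=tcp", "service=private", "flag=S0", "label=attack"},
    {"proto=tcp", "service=private", "flag=S0", "label=attack"},
    {"proto=udp", "service=domain_u", "flag=SF", "label=normal"},
]

def boolean_vectors(records):
    """Single scan: one bitmask per item; bit t is set when record t contains it."""
    vectors = {}
    for t, record in enumerate(records):
        for item in record:
            vectors[item] = vectors.get(item, 0) | (1 << t)
    return vectors

def support(itemset, vectors):
    """Support count = popcount of the bitwise AND of the items' Boolean vectors."""
    return bin(reduce(and_, (vectors[i] for i in itemset))).count("1")

def frequent_itemsets(records, min_count):
    """Level-wise search (assumed; the abstract does not give the interpolation order)."""
    vectors = boolean_vectors(records)
    level = [frozenset([i]) for i in vectors if support([i], vectors) >= min_count]
    found = {}
    while level:
        found.update({s: support(s, vectors) for s in level})
        # Join sets that differ by one item, then prune by the Apriori property.
        candidates = {a | b for a, b in combinations(level, 2) if len(a | b) == len(a) + 1}
        level = [c for c in candidates
                 if all(frozenset(s) in found for s in combinations(c, len(c) - 1))
                 and support(c, vectors) >= min_count]
    return found

def rules_for(label, found, min_conf):
    """Rules antecedent -> label; confidence = supp(antecedent + label) / supp(antecedent)."""
    rules = {}
    for itemset, count in found.items():
        if label in itemset and len(itemset) > 1:
            conf = count / found[itemset - {label}]
            if conf >= min_conf:
                rules[itemset - {label}] = conf
    return rules
```

With a minimum support count of 3 and minimum confidence of 0.9, `proto=tcp` alone is rejected as an antecedent for `label=attack` (confidence 0.6), while `flag=S0` and `service=private` are kept, which is the kind of relationship between features of a single flow that the abstract says the rule base captures.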