Research Of Intrusion Detection System Based On Cluster Analysis And Association Rules

The rapid development of the Internet has brought great convenience to people,but at the same time it has also caused people to pay more and more attention to the problem of network security.However,the existing intrusion detection systems are becoming more and more inadequate in the face of increasingly complex and changeable network data.A new intrusion detection system based on anomaly detection often causes false alarm,so efficient and accurate intrusion detection system is an important direction of intrusion detection research.Through the research on the problems of intrusion detection system,this topic applies clustering analysis method and association rule method in data mining to intrusion detection,and combines the advantages of intrusion detection misuse detection in detecting known attacks and the good performance of anomaly detection in detecting unknown attacks,designs a new intrusion detection system.The intrusion detection model based on two kinds of detection algorithms is clustering analysis and association rules.Cluster analysis k-means algorithm is improved and applied to anomaly detection.Secondary anomaly detection is established to filter a large number of network data,which effectively reduces the amount of misuse detection,improves the detection efficiency of the system,and does not cause the increase of false alarm rate.The improved Apriori algorithm of association rules is applied to rule discovery of misuse detection rule base to realize automatic expansion of rule base.Finally,the improved k-means algorithm and improved Apriori algorithm are tested by using KDD CUP99 data,which is authoritative in the field of intrusion detection.The experimental results show that the performance of the algorithm has been improved.At the same time,the design model is implemented on Snort system.The test results show that the performance has been improved and the design of the model is reasonable.Therefore,the research of this subject has certain reference value for improving the performance of intrusion detection.Figure 20;Table 10;Reference 45.