
Research On Intrusion Detection System Based On Classical Clustering Algorithm And Association Algorithm

Posted on: 2021-05-21
Degree: Master
Type: Thesis
Country: China
Candidate: E Y Li
GTID: 2428330614458373
Subject: Electronic and communication engineering
Abstract/Summary:
With the rapid development of network communications, the "Internet +" model has been widely popularized. At the same time, hacker technologies, dominated mainly by network intrusion, are developing in an increasingly complex and covert direction, resulting in a more serious security situation in information and communication networks and a wider impact from deliberate attacks and destruction. In the face of complex and diverse attack methods, the traditional database security mechanism appears weak. An intrusion detection system (IDS), as a new type of security defense system, protects data security by detecting possible intrusion behaviors and taking measures such as raising alarms. It bears an irreplaceable responsibility, but the low detection efficiency of current intrusion detection systems is becoming an increasingly prominent problem, and it is difficult to guarantee that the network operates in a safe and stable state. Therefore, in order to improve the performance of intrusion detection and better solve network security problems, research on intrusion detection systems based on classic clustering algorithms and association algorithms has been performed. First, the thesis analyzes the current status of intrusion detection systems in the world, especially Snort, which is an important and most popular intrusion detection system in the domestic security industry. It concludes that there are problems such as long detection time and low detection accuracy caused by detecting only known attacks. Secondly, the Snort system is improved based on the classic clustering algorithm and association algorithm. However, the traditional clustering algorithm, the Kmeans algorithm, has the problem that the uncertainty of the clustering center k leads to unstable clustering results, and the association algorithm, the Apriori algorithm, also has problems such as insufficient correlation. The L-Kmeans algorithm, optimized by the K-nearest neighbor algorithm, and the C-Apriori algorithm, with additional confidence indicators, are therefore proposed separately, so that the data mining algorithms can be better applied in the intrusion detection system Snort and an improved Snort with better performance is obtained. Finally, the advantages of applying the L-Kmeans algorithm and the C-Apriori algorithm to the intrusion detection system Snort are analyzed in terms of detection time and detection accuracy. Experimental simulation results show that Snort, after the application of the two algorithms, has a certain improvement in detection efficiency and accuracy compared with the traditional Snort. The results also show that combining the classic clustering and association algorithms from data mining with intrusion detection systems can change Snort's intrusion detection technology from the traditional detection of only known intrusions to the active discovery of unknown suspicious behavior, which shortens the detection time and improves the detection accuracy. This research has promoted the development of intrusion detection technology and improved the security of information transmission on the Internet, including work, study and entertainment.
Keywords/Search Tags: information security, Snort, L-Kmeans algorithm, C-Apriori algorithm