Applied Research, Data Mining In Intrusion Detection Systems

Network security is a complicated subject. It touches every aspect of a network, such as its topology, its network protocols, intrusion detection system adopted, encryption method in use etc. This thesis mainly focuses our works on intrusion detection techniques developed to tackle this issue.In the first chapter, a brief introduction to the development of the network security technology as well as a survey on intrusion detection techniques is given.The second chapter covers the foundmental concepts of intrusion detection techniques, the general detection mode and its modeling. At the end of this chapter, a detailed analysis of the existing intrusion detection systems is given and its limitation is revealed thereupon.The third chapter introduces many data mining techniques with the focuses on the Association Rule analysis method and Genetic algorithm based analysis method.Among the many challenges facing a data mining based intrusion detection system, two critical ones need to be addressed. They are detection failure (includes false detection and detection failure) and detection speed. Apriori algorithm is one of the methods attracted researchers' interests because of its effectiveness. We will give a detailed analysis of Apriori algorithm before we present our modified Aprior algorithm. This chapter will also discuss weighted association rule analysis method (WARA method) and its application in the intrusion detection system. An intrusion detection model based on the WARA method and its implementation is proposed. Furthermore, we applied genetic algorithm on the proposed intrusion detection system, thus a novel intrusion detection system based on association rule and genetic algorithm comes into shape. This is our original work.A hierarchy data mining based intrusion detection system and itsimplementation method is presented in the fifth chapter. This method divides the rules into two categories and adaptively adjust the data mining process through a rule manager thus control the intrusion detection system. The experiment results prove that this method can improve an intrusion detection system's efficiency.The sixth chapter explains how to construct the security system for a University network with the focus on how to construct a free intrusion detection system through network.In the last chapter, future work on the data mining based intrusion detection system is covered.