Research On Intrusion Detection Technology Based On Multi-dimensional Association Rules

Intrusion Detection is an active defense tool of the network security, when intrusionsare detected, which require the response units to respond and handing them as soon aspossible, at the same time, record their characteristics in order to be useful for thedetection in future. For the correlations of intrusions, so correlations analysis betweenintrusions is one of most important means of intrusion detection, and which is widely usedin the intrusion detection system. In the various methods of data mining, association rulesmining algorithm is an important research topic in data mining, At the same time, it is verysuitable for the Correlation analysis of intrusion behavior.It can find normal and abnormalbehavior pattern and association rules from the mass data. The rules can be used fororiginal data pre-processing and rules matching, so that the purpose of intrusion detectionis achieved. Therefore, the improved algorithm of association rules and its application inintrusion detection has important practical significance.Firstly, this paper proposes a multidimensional association based on frequent patterntree (Multidimensional MAFP Association Frequent Pattern) algorithm for miningassociation rules.This algorithm is combined with the Apriori algorithm and FP-Growthalgorithm, using the MAFP-tree structure. MFP-tree (Multidimensional Pattern Tree) andFP-tree is respectively used as the storage structure for dimensions and items. So that,the divided into two parts storage of the database not only can further compress the spaceused to store items and greatly reduce the temporary memory space, but also reduce thetimes of scanning data warehouse. So that the solution efficiency is greatly improved.Secondly, according to the current problems of the database becoming more andmore huge and the traditional mining algorithm being low efficiency, the parallelmulti-dimensional association rules algorithm based on Hadoop is presented. The basicidea of the algorithm is that the process of generating frequent item sets and associationrule is completed by the Master and Slave node on the MapReduce. So that distributedstorage of massive data and distributed processing of tasks are realized and load balancingachieved.At last, a network intrusion detection test using the selected sample data sets is given. The experimental results show that the proposed algorithms solve the problem efficiently,the running time of the algorithm is lower than others, and the accuracy of the results hasbeen improved to some extent. Our work achieved the goals which are set previously.