Research Of The New Method Of Intrusion Detection Based On Partition

With the rapid development of information technology and network technology,network has gradually become an indispensable part of people’s life. However, wherethere is convenience, there is a challenge. When people enjoy the conveniencebrought by the information revolution, they have to face the big challenge brought bythe network security. As the key link of the network security protection mechanismand one of the core technology of network security, intrusion detection developsrapidly.Intrusion detection based on data mining thinks the process of intrusiondetection system as the mining process of the training data set. It minimizes the needfor prior knowledge and people’s participation. It will improve the efficiency of theintrusion detection and intrusion response significantly.As an effective tool to analyze and deal with the uncertainty, incomplete andinconsistent information, rough set theory has a mature mathematical basis and doesnot need prior knowledge. It will do a great help to both the preprocessing of datamining and the stage of data mining.After counting and analyzing kddcup99data set, this paper uses the partitionthought of rough set to deal with kddcup99. First of all, it divides the kddcup99’straining data set by the values of the property named service according to the priorknowledge. In this way, it solves the big problem of existing research that caused bythe large capacity of the kddcup99data set. To discretize each partition according tothe traditional discretization algorithms will greatly reduce the computationcomplexity. Secondly, the thought of partition is used again in the process of attributereduction and value reduction. This paper makes the attribute reduction and valuereduction together. It not only gets the minimum reduction result but also keeps thedecision table’s consistency. And it uses the result to build the intrusion detectionsystem’s rule base quickly and exactly.The result of the experiment shows that this method reduces the complexity ofeach stage in the whole data mining process. And it will make sure of the highdetection rate, low false alarm rate and low loss rate at the same time.