Intrusion detection based on data mining unknown attack recognition framework
|Course||Applied Computer Technology|
|Keywords||Intrusion Detection; Data Mining; Multi-Attack-Detection; Clustering; Association method|
With the rapid development of network technology and the growing complexity of the Internet environment, network security problems are becoming more and more serious. As a new computer security technique, the Intrusion Detection System (IDS) is being used more and more widely and has become an important part of defense-in-depth computer security systems. An IDS can discover all kinds of hostile data, both on the network and on the host, and take action to eliminate them. It can detect intrusions by external attackers as well as attacks from inside.

Data mining is a useful tool for analyzing massive amounts of data and uncovering hidden rules, so it is widely used in different domains. As new attack methods appear continually, especially coordinated intrusions, the IDS strategy of detecting known attacks with rules shows its limitations. An IDS needs data mining to dig out the forms that new attacks take.

In this paper, we develop a framework that mines new attack data in order to update the IDS. It first filters out the new attack records that are unknown to the IDS, then analyzes them to extract a description. In the implementation, we use association analysis to analyze and prune the dataset, and clustering to discover new attacks. For the rule-extraction process, we discuss several algorithms, including Decision Tree, Frequent-AttributeSet and Hierarchical-Clustering, and choose the appropriate ones to improve. Many fine-grained refinements, especially the use of dynamic programming, make all the algorithms cooperate well and make the framework work more efficiently. The framework can produce exact rules when multiple attacks arrive simultaneously.
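The filter, cluster and extract stages described in the abstract, as an added sketch that is not the thesis's own code. The record fields, the known rule, the sample records, the distance measure and the thresholds are all assumptions; plain single-linkage clustering and a full-support attribute set stand in for the improved algorithms the abstract mentions, and the association-based pruning step is omitted.

```python
from collections import Counter
from itertools import combinations

# Constructed signature the IDS already has (assumption, not from the paper).
KNOWN_RULES = [{"proto": "icmp", "flag": "ECHO"}]

# Constructed connection records: one known attack and two unknown attacks
# arriving interleaved, as in the multi-attack case.
RECORDS = [
    {"proto": "icmp", "service": "none", "flag": "ECHO", "bytes": "small"},
    {"proto": "tcp", "service": "http", "flag": "S0", "bytes": "zero"},
    {"proto": "udp", "service": "dns", "flag": "SF", "bytes": "large"},
    {"proto": "tcp", "service": "smtp", "flag": "S0", "bytes": "zero"},
    {"proto": "udp", "service": "dns", "flag": "SF", "bytes": "huge"},
    {"proto": "tcp", "service": "ftp", "flag": "S0", "bytes": "zero"},
    {"proto": "udp", "service": "dns", "flag": "SF", "bytes": "large"},
]

def filter_unknown(records, rules):
    """Stage 1: keep only records that no existing rule describes."""
    def hit(rec, rule):
        return all(rec.get(k) == v for k, v in rule.items())
    return [r for r in records if not any(hit(r, rule) for rule in rules)]

def distance(a, b):
    """Fraction of attributes on which two records differ."""
    return sum(a[k] != b[k] for k in a) / len(a)

def cluster(records, max_dist=0.5):
    """Stage 2: single-linkage agglomerative (hierarchical) clustering."""
    clusters = [[r] for r in records]
    while len(clusters) > 1:
        d, i, j = min(
            (min(distance(a, b) for a in clusters[i] for b in clusters[j]), i, j)
            for i, j in combinations(range(len(clusters)), 2))
        if d > max_dist:          # remaining groups are distinct attacks
            break
        clusters[i].extend(clusters.pop(j))
    return clusters

def extract_rule(members, min_support=1.0):
    """Stage 3: attribute=value pairs shared by min_support of a cluster."""
    counts = Counter((k, v) for r in members for k, v in r.items())
    return {k: v for (k, v), n in counts.items()
            if n / len(members) >= min_support}

def mine_rules(records, rules):
    return [extract_rule(c) for c in cluster(filter_unknown(records, rules))]

if __name__ == "__main__":
    for rule in mine_rules(RECORDS, KNOWN_RULES):
        print(rule)
```

Because the two unknown attacks share no attribute values, they end up in separate clusters and each yields its own candidate rule, even though their records arrive interleaved.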