Translated Abstract
With the rapid development of the Internet we have entered the information era, and at the same time information security problems, including information disclosure, information safety, and the abuse of information for criminal purposes, have become increasingly severe. An intrusion detection system is a technology that emerged after the invention of the firewall. Its principle is to analyze and identify in detail the huge volume of data and information obtained, in order to find intrusions or potential threats. Applying data mining techniques to an intrusion detection system greatly enhances the efficiency and effectiveness of detection, especially for new intrusions.
First, this thesis carried out in-depth research on the theory and technology related to intrusion detection and analyzed the problems of the open-source intrusion detection software Snort. Focusing on Snort's false alarm problem, it developed an improved K-means clustering algorithm. The algorithm divides network data into a normal class and an abnormal class without needing a training dataset labeled by category. With the targeted improvements, the algorithm automatically optimizes the number of clusters, optimizes the initial cluster centers, and reduces its susceptibility to noisy data. To address the problem that the current Snort system cannot adapt to new intrusion patterns on the network, we improved the Apriori algorithm. The improved Apriori algorithm quickly and efficiently finds the relationships among intrusion patterns in system logs, forming rules for normal user behavior and models of intrusion patterns. Adding these rules to the intrusion detection system improves detection accuracy. Based on the above work, this thesis optimized the Snort system, designing and implementing an optimized Snort intrusion detection system (Optimized Snort, the O-Snort Intrusion Detection System). It also analyzed the overall framework and design concept of the system and studied in detail the design concept and workflow of the cluster analysis module, the abnormal data detection module, and the association rules analysis module. The cluster analysis algorithm and association rule algorithm were added to the Snort intrusion detection system as plug-ins, completing the design and implementation of the O-Snort system based on the improved data mining algorithms.
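The abstract describes the clustering step only in outline: unlabeled connection data is split into a normal and an abnormal class, the number of clusters and the initial centers are chosen automatically, and the method should tolerate noise. The following added example (not code from the thesis or from Snort) shows one concrete way those pieces fit together. The feature vectors are constructed, the farthest-point seeding and silhouette-based choice of k stand in for the thesis's unspecified improvements, and the rule that the smallest cluster is the abnormal one is an assumption.

```python
"""Unsupervised normal/abnormal split of connection features with k-means."""
import math

# Constructed sample (not thesis data): one row per connection summary,
# features = (packets per second, distinct destination ports, mean bytes/packet).
# The last three rows mimic a port sweep: many ports, tiny packets.
SAMPLE_CONNECTIONS = [
    (12.0, 1, 820.0), (15.0, 1, 760.0), (9.0, 2, 900.0), (11.0, 1, 845.0),
    (14.0, 1, 790.0), (10.0, 2, 870.0), (13.0, 1, 810.0),
    (480.0, 210, 60.0), (510.0, 240, 58.0), (450.0, 190, 64.0),
]


def zscore(rows):
    """Scale every column to zero mean and unit variance so that the
    byte counts do not swamp the port counts in the distance metric."""
    cols = list(zip(*rows))
    means = [sum(c) / len(c) for c in cols]
    stds = [math.sqrt(sum((v - m) ** 2 for v in c) / len(c)) or 1.0
            for c, m in zip(cols, means)]
    return [tuple((v - m) / s for v, m, s in zip(r, means, stds)) for r in rows]


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def farthest_point_init(points, k):
    """Deterministic seeding instead of random centres: start from the point
    nearest the global mean, then repeatedly add the point farthest from all
    centres chosen so far (stand-in for the thesis's initial-centre optimisation)."""
    mean = tuple(sum(c) / len(c) for c in zip(*points))
    centres = [min(points, key=lambda p: dist(p, mean))]
    while len(centres) < k:
        centres.append(max(points, key=lambda p: min(dist(p, c) for c in centres)))
    return centres


def kmeans(points, k, max_iter=100):
    """Lloyd iterations: assign each point to its nearest centre, move centres
    to their members' mean, stop when the assignment no longer changes."""
    centres = farthest_point_init(points, k)
    labels = None
    for _ in range(max_iter):
        new_labels = [min(range(k), key=lambda j: dist(p, centres[j])) for p in points]
        if new_labels == labels:
            break
        labels = new_labels
        for j in range(k):
            members = [p for p, lab in zip(points, labels) if lab == j]
            if members:  # an emptied cluster keeps its old centre
                centres[j] = tuple(sum(c) / len(c) for c in zip(*members))
    return labels, centres


def silhouette(points, labels):
    """Mean silhouette coefficient: close to 1 when clusters are compact and
    well separated. A point alone in its cluster contributes 0."""
    total = 0.0
    for i, p in enumerate(points):
        own = [points[j] for j in range(len(points)) if labels[j] == labels[i] and j != i]
        if not own:
            continue
        a = sum(dist(p, q) for q in own) / len(own)
        b = min(sum(dist(p, points[j]) for j in range(len(points)) if labels[j] == other)
                / labels.count(other)
                for other in set(labels) if other != labels[i])
        total += (b - a) / max(a, b)
    return total / len(points)


def choose_k(points, k_max=4):
    """Pick the cluster count in 2..k_max with the best silhouette; a simple
    stand-in for the automatic cluster-number optimisation the abstract mentions."""
    return max(range(2, k_max + 1), key=lambda k: silhouette(points, kmeans(points, k)[0]))


def split_normal_abnormal(rows):
    """Label each row 'normal' or 'abnormal' with no labelled training data.
    Assumption: the smallest cluster is the anomalous traffic."""
    points = zscore(rows)
    labels, _ = kmeans(points, choose_k(points))
    abnormal = min(set(labels), key=labels.count)
    return ["abnormal" if lab == abnormal else "normal" for lab in labels]


if __name__ == "__main__":
    for row, verdict in zip(SAMPLE_CONNECTIONS, split_normal_abnormal(SAMPLE_CONNECTIONS)):
        print(row, "->", verdict)
```

On the constructed sample the silhouette is maximal at k = 2 and the three sweep-like rows land in the smaller cluster. In a pre-detection module this verdict would gate which flows are handed to the signature engine; the "smallest cluster is abnormal" heuristic is the weak point, since a large volumetric attack can invert it, which is why a deployment would also check the cluster's feature profile rather than its size alone.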
The test results show that the O-Snort intrusion detection system, whose pre-detection module and abnormal data detection module are designed and implemented on the basis of the improved K-means algorithm, is highly accurate and efficient in detection. The association rules module, designed and implemented on the basis of the improved Apriori algorithm, allows the O-Snort intrusion detection system to quickly analyze abnormal network data and extract unknown behavior patterns.
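The association rules module is described above as mining system logs for relationships between intrusion patterns and turning them into rules. The added example below (not the thesis's code) runs a plain Apriori over constructed per-session attribute sets: frequent itemsets are grown level by level with the subset-pruning property, then split into antecedent/consequent rules filtered by confidence. The session attributes, the thresholds, and the `mine` wrapper are assumptions chosen for the illustration.

```python
"""Apriori over per-session log attributes: frequent itemsets and rules."""
from itertools import combinations

# Constructed sample (not thesis data): each set is the attributes of one
# session as a log pre-processor might emit them. Four sessions share the
# pattern "external source, SSH port, failed authentication".
SAMPLE_SESSIONS = [
    {"proto=tcp", "dport=22", "auth=failed", "src=external"},
    {"proto=tcp", "dport=22", "auth=failed", "src=external"},
    {"proto=tcp", "dport=22", "auth=failed", "src=external"},
    {"proto=tcp", "dport=22", "auth=ok", "src=internal"},
    {"proto=tcp", "dport=80", "event=http_get", "src=external"},
    {"proto=tcp", "dport=80", "event=http_get", "src=internal"},
    {"proto=udp", "dport=53", "event=dns_query", "src=internal"},
    {"proto=tcp", "dport=22", "auth=failed", "src=external"},
]


def apriori(transactions, min_support):
    """Return {frequent itemset: support}. Candidates of size k are built only
    from frequent (k-1)-itemsets and dropped when any (k-1)-subset is
    infrequent; that pruning is what keeps Apriori tractable on large logs."""
    n = len(transactions)

    def support(itemset):
        return sum(1 for t in transactions if itemset <= t) / n

    level = {frozenset([item]) for t in transactions for item in t}
    level = {s for s in level if support(s) >= min_support}
    frequent = {s: support(s) for s in level}
    k = 2
    while level:
        candidates = set()
        for a in level:
            for b in level:
                union = a | b
                if len(union) == k and all(
                        frozenset(sub) in level for sub in combinations(union, k - 1)):
                    candidates.add(union)
        level = {c for c in candidates if support(c) >= min_support}
        frequent.update((c, support(c)) for c in level)
        k += 1
    return frequent


def association_rules(frequent, min_confidence):
    """Split every frequent itemset of size >= 2 into antecedent -> consequent
    and keep the rules whose confidence, support(itemset)/support(antecedent),
    meets the threshold. Every antecedent is itself frequent, so the lookup
    never misses."""
    rules = []
    for itemset, sup in frequent.items():
        for r in range(1, len(itemset)):
            for antecedent in map(frozenset, combinations(itemset, r)):
                confidence = sup / frequent[antecedent]
                if confidence >= min_confidence:
                    rules.append((antecedent, itemset - antecedent, sup, confidence))
    return rules


def format_rule(rule):
    antecedent, consequent, sup, confidence = rule
    return "IF %s THEN %s (support %.2f, confidence %.2f)" % (
        " AND ".join(sorted(antecedent)), " AND ".join(sorted(consequent)),
        sup, confidence)


def mine(transactions, min_support=0.5, min_confidence=0.9):
    """Convenience wrapper (assumed API): {(antecedent, consequent): confidence}."""
    rules = association_rules(apriori(transactions, min_support), min_confidence)
    return {(a, c): conf for a, c, _, conf in rules}


if __name__ == "__main__":
    frequent = apriori(SAMPLE_SESSIONS, 0.5)
    for rule in sorted(association_rules(frequent, 0.9), key=lambda r: -r[3]):
        print(format_rule(rule))
```

With support 0.5 and confidence 0.9 the sample yields rules such as `IF auth=failed THEN dport=22 AND proto=tcp AND src=external` at confidence 1.0, while the reverse direction (`dport=22` implies `auth=failed`) only reaches 0.8 and is discarded. That asymmetry is the useful part for a detector: a high-confidence rule describes what normally accompanies an event, and a session that matches the antecedent but violates the consequent is the candidate for an alert.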