The aim of this paper is to develop a network intrusion detection model based on data mining techniques that detects known intrusions effectively and also has a good capacity to recognise unknown traffic patterns, which a traditional IDS cannot detect reliably. The paper's main work is as follows: by analysing intrusions in depth, extract the attributes that best reflect intrusion characteristics; combine misuse detection, anomaly detection and human intervention, build a rule library with the C4.5 decision tree algorithm and apply optimal pattern matching to raise the detection rate; cluster hosts into IP groups by visit number with the k-means clustering algorithm, partition the audit data by IP group, build a separate classifier from each partition, and then apply to each record under detection the rules of its own IP group, thereby reducing false positives. Experiments showed that the method is effective at detecting intrusions such as scanning and Denial of Service.
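The IP-grouping step is the part of the design that a practitioner would want to see concretely: why does one rule learned over all hosts produce false positives that per-group rules avoid? The following is an added example, not code from the paper or its authors. It clusters hosts on their visit count with a one-dimensional k-means, then learns one split per group using the gain-ratio criterion that C4.5 uses to choose a split (a single-level tree rather than a full C4.5 tree, for brevity), and compares the false positives of that against one rule learned over the undivided audit data. The host names, visit counts, audit records and the "new connections per minute" attribute are all constructed for the example.

```python
"""Added example (not the paper's code): k-means IP groups, then a
gain-ratio split per group versus one split over all audit data."""
import math
from collections import Counter

# Constructed data, not from the paper. "Visit number" = connections seen
# to each host over the audit window; workstations are quiet, servers busy.
VISITS = {"ws1": 22, "ws2": 31, "ws3": 48,
          "web1": 910, "mail1": 1030, "db1": 1180}

# Audit records: (host, new connections per minute, label). Attack rows
# stand for scanning / flooding behaviour relative to the host's own baseline.
AUDIT = [
    ("ws1", 3, "normal"), ("ws1", 5, "normal"), ("ws2", 4, "normal"),
    ("ws2", 7, "normal"), ("ws3", 6, "normal"), ("ws3", 8, "normal"),
    ("ws1", 40, "attack"), ("ws1", 45, "attack"), ("ws2", 52, "attack"),
    ("ws3", 60, "attack"), ("ws3", 70, "attack"),
    ("web1", 160, "normal"), ("web1", 180, "normal"),
    ("mail1", 220, "normal"), ("db1", 260, "normal"),
    ("web1", 850, "attack"), ("mail1", 1020, "attack"), ("db1", 1200, "attack"),
]


def nearest(centres, value):
    """Index of the centre closest to value."""
    return min(range(len(centres)), key=lambda g: abs(value - centres[g]))


def kmeans_1d(visits, k=2, iters=50):
    """Cluster hosts on visit count. Returns (host -> group index, centres)."""
    pts = sorted(visits.values())
    # Deterministic seeding: k evenly spaced order statistics.
    centres = [float(pts[int(i * (len(pts) - 1) / max(k - 1, 1))]) for i in range(k)]
    for _ in range(iters):
        groups = {h: nearest(centres, v) for h, v in visits.items()}
        new = []
        for g in range(k):
            members = [visits[h] for h in groups if groups[h] == g]
            new.append(sum(members) / len(members) if members else centres[g])
        if new == centres:
            break
        centres = new
    groups = {h: nearest(centres, v) for h, v in visits.items()}
    return groups, centres


def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())


def best_split(records):
    """records: list of (value, label). Returns (threshold, gain ratio) of the
    midpoint split with the highest C4.5 gain ratio; threshold is None if the
    attribute has a single value."""
    labels = [l for _, l in records]
    base, n = entropy(labels), len(records)
    pts = sorted({v for v, _ in records})
    best = (None, -1.0)
    for lo, hi in zip(pts, pts[1:]):
        t = (lo + hi) / 2
        left = [l for v, l in records if v <= t]
        right = [l for v, l in records if v > t]
        p = len(left) / n
        gain = base - p * entropy(left) - (1 - p) * entropy(right)
        split_info = -(p * math.log2(p) + (1 - p) * math.log2(1 - p))
        ratio = gain / split_info
        if ratio > best[1]:
            best = (t, ratio)
    return best


def train_stump(records):
    """One-level tree: majority label on each side of the best split."""
    t, _ = best_split(records)
    if t is None:  # degenerate partition: fall back to a constant rule
        majority = Counter(l for _, l in records).most_common(1)[0][0]
        return {"threshold": math.inf, "below": majority, "above": majority}
    below = Counter(l for v, l in records if v <= t).most_common(1)[0][0]
    above = Counter(l for v, l in records if v > t).most_common(1)[0][0]
    return {"threshold": t, "below": below, "above": above}


def predict(stump, value):
    return stump["below"] if value <= stump["threshold"] else stump["above"]


def global_model(audit):
    """One rule learned over the undivided audit data."""
    stump = train_stump([(r, l) for _, r, l in audit])
    return lambda host, rate: predict(stump, rate)


def grouped_model(audit, visits, k=2):
    """One rule per IP group; a host is routed to the rule of its group."""
    groups, centres = kmeans_1d(visits, k)
    stumps = {}
    for g in range(k):
        recs = [(r, l) for h, r, l in audit if groups[h] == g]
        if recs:
            stumps[g] = train_stump(recs)
    return lambda host, rate: predict(stumps[nearest(centres, visits[host])], rate)


def evaluate(records, classify):
    """(false positives, false negatives) of classify(host, rate)."""
    fp = fn = 0
    for host, rate, label in records:
        pred = classify(host, rate)
        fp += pred == "attack" and label == "normal"
        fn += pred == "normal" and label == "attack"
    return fp, fn


if __name__ == "__main__":
    print("global rule  (fp, fn):", evaluate(AUDIT, global_model(AUDIT)))
    print("grouped rule (fp, fn):", evaluate(AUDIT, grouped_model(AUDIT, VISITS)))
```

On this constructed data the single global split lands between the workstations' normal rates and everything above them, so every normal record from the busy servers is flagged: four false positives. With hosts first clustered by visit count, each group gets its own threshold (between 8 and 40 for the workstations, between 260 and 850 for the servers) and both groups are classified without error. The same mechanism is what the paper relies on: a rate that is anomalous for a quiet host is routine for a server, and a rule that ignores the group mixes the two baselines.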
Mrudula Gudadhe, Prakash S. Prasad, Kapil Wankhade