

Study on Intrusion Detection Technology Based on Data Mining

【Author】 陈宇晖

【Advisor】 傅明

【Author information】 Changsha University of Science and Technology (长沙理工大学), Computer Application Technology, 2010, Master's thesis

【Abstract (translated from the Chinese)】 With the rapid development of IT, information security has become a focus of attention, and the security of database systems is a very important part of it. Data mining, as a means of mining rules, has been introduced into intrusion detection. In recent years many experts and scholars have studied how to speed up rule mining in intrusion detection systems and have obtained some results. This thesis improves the classic data mining algorithm Apriori and introduces it into an intrusion detection system. The main work is as follows. (1) A database intrusion detection system based on the improved Apriori algorithm is proposed. It consists of four modules: data preprocessing, rule generation, intrusion detection and response. In the data preprocessing module, the audit data is first converted into boolean data so that rules can be mined from it; in the rule generation module, the improved Apriori algorithm is used to raise the efficiency of rule mining; in the intrusion detection module, a composite search engine that combines anomaly detection with misuse detection is used so that each compensates for the weaknesses of the other; in the response module, each kind of detection result receives its own response. (2) The classic Apriori algorithm is studied. Because Apriori, when mining association rules, must scan the whole database for every member of a candidate itemset C in order to determine its support, an improved Apriori algorithm is proposed. When pruning candidate itemsets with the Apriori property, it uses the number of frequent subsets as the criterion, which reduces the scans of the higher-level frequent itemsets; when computing the support of candidate itemsets, it stores the data in an index tree data structure, which greatly reduces the number of database scans and improves the overall efficiency of the algorithm. The improved Apriori algorithm is then applied to rule mining over audit data.

【Abstract (original English version)】 With the fast development of information technology, information security has become the focus of attention, and the security of database systems is a very important part of it. Data mining, as a rule mining method, has been introduced into intrusion detection. In recent years many experts and academics have researched how to improve the efficiency of rule mining in intrusion detection systems and have obtained many results. This thesis improves on the classic data mining algorithm Apriori and introduces it into an intrusion detection system. The main contributions are as follows. (1) The thesis proposes a database intrusion detection system based on the improved Apriori algorithm. The system consists of a data preprocessing module, a rule generation module, an intrusion detection module and a response module. In the data preprocessing module the audit data is first transformed into boolean data so that rules can be mined from it; in the rule generation module the improved Apriori algorithm is introduced to raise the efficiency of rule mining; in the intrusion detection module a compound search engine composed of anomaly detection and misuse detection is used to overcome the weaknesses of each; in the response module each kind of detection result is answered with its own response. (2) The thesis studies the classic Apriori algorithm. Because Apriori has to scan the whole database for each member of a candidate itemset C to determine its support, an improved Apriori algorithm is introduced: when it uses the Apriori property to delete candidate itemsets, it uses the number of frequent subsets as the criterion, which reduces the scans of the higher-level frequent itemsets; when it computes the support of candidate itemsets, it stores the data in an index tree data structure, which reduces the number of database scans to a large extent and raises the overall efficiency of the algorithm. The improved Apriori algorithm is then applied to rule mining over audit data.
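The two ideas both abstracts describe, pruning candidates with the Apriori property and answering support queries from an index built in one pass rather than rescanning the audit log for every candidate, are shown below as an added example in Python. It is not code from the thesis: the thesis's "index tree" is replaced by a flat inverted index (item to the set of record ids containing it), an assumption made to keep the example short, and the audit log, the min_support and min_confidence thresholds, and the final anomaly check that flags a record violating a learned "normal" rule are all constructed for illustration.

```python
"""Apriori rule mining over boolean-encoded database audit records.

Added example, not code from the thesis. A flat inverted index stands in for
the thesis's index tree (assumption); the audit log below is constructed data.
"""
from itertools import combinations

# Constructed sample audit log. Each record is the boolean encoding of one
# database operation: the set of attribute=value flags that are true for it.
AUDIT = [
    {"user=app", "op=SELECT", "table=orders", "hour=day"},
    {"user=app", "op=SELECT", "table=orders", "hour=day"},
    {"user=app", "op=SELECT", "table=orders", "hour=day", "rows>1000"},
    {"user=admin", "op=UPDATE", "table=accounts", "hour=day"},
    {"user=app", "op=SELECT", "table=accounts", "hour=night", "rows>1000"},
    {"user=app", "op=SELECT", "table=orders", "hour=day"},
]


def build_index(records):
    """One pass over the records: item -> set of ids of records containing it."""
    index = {}
    for rid, rec in enumerate(records):
        for item in rec:
            index.setdefault(item, set()).add(rid)
    return index


def support(itemset, index):
    """Support of an itemset from the index alone: intersect its items' id sets."""
    ids = None
    for item in itemset:
        ids = index.get(item, set()) if ids is None else ids & index.get(item, set())
        if not ids:  # early exit once the intersection is empty
            return 0
    return len(ids)


def apriori(records, min_support):
    """Return {frozenset(items): support} for every frequent itemset."""
    index = build_index(records)
    frequent = {frozenset([item]): len(ids)
                for item, ids in index.items() if len(ids) >= min_support}
    level, k = set(frequent), 2
    while level:
        # Join step: union pairs of frequent (k-1)-itemsets that differ in one item.
        candidates = {a | b for a, b in combinations(level, 2) if len(a | b) == k}
        next_level = {}
        for cand in candidates:
            # Prune step (Apriori property): every (k-1)-subset must itself be
            # frequent, so a candidate with an infrequent subset is never counted.
            if all(frozenset(sub) in level for sub in combinations(cand, k - 1)):
                sup = support(cand, index)  # answered from the index, no rescan
                if sup >= min_support:
                    next_level[cand] = sup
        frequent.update(next_level)
        level, k = set(next_level), k + 1
    return frequent


def rules(frequent, min_confidence):
    """Association rules X -> Y with confidence sup(X u Y) / sup(X) >= threshold."""
    out = []
    for itemset, sup in frequent.items():
        for r in range(1, len(itemset)):
            for ante in combinations(itemset, r):
                ante = frozenset(ante)
                conf = sup / frequent[ante]
                if conf >= min_confidence:
                    out.append((ante, itemset - ante, conf))
    return out


def violated_rules(record, normal_rules):
    """Anomaly check: rules whose antecedent holds for the record but whose
    consequent does not. A non-empty result flags the record for response."""
    return [(a, c, conf) for a, c, conf in normal_rules
            if a <= record and not c <= record]


if __name__ == "__main__":
    freq = apriori(AUDIT, min_support=3)
    normal = rules(freq, min_confidence=0.8)
    for rid, rec in enumerate(AUDIT):
        print(rid, "anomalous" if violated_rules(rec, normal) else "normal")
```

With min_support=3 the mined "normal" profile is the frequent pattern user=app, op=SELECT, table=orders, hour=day; the admin UPDATE and the night-time large SELECT on accounts each violate at least one rule with confidence 0.8 and are flagged, while the four routine records are not. The index makes each support computation a set intersection of the sizes of the items' id lists, independent of the number of candidates.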
