Conference papers

Intrusion Detection System Based on data mining for Host Log

Traditional intrusion detection technology is mostly based on the needs of Web logs, using a single data mining algorithm to improve the analysis; it cannot be used in an unknown environment with a zero-knowledge rule database, and its efficiency in detecting potential threats and abnormal behavior is not significant. Therefore, this paper proposes an intrusion detection system based on data mining for host logs. Under the premise of a zero-knowledge rule database, the combination of ARIMA time series modeling with misuse detection and the combination of the Apriori association algorithm with anomaly detection effectively solve the problem of intrusion detection for host systems from two dimensions: real-time detection and post detection. In this paper, the intrusion detection system is designed, and the detection efficiency and the rate of the proposed hybrid mining pattern algorithm and the single data mining algorithm are compared. The experimental results show that the detection rate of the intrusion detection method with the hybrid mining pattern is improved by at least 30%, and when the log scale is larger, the detection rate is faster and the system stability is stronger.

intrusion detection; host log; ARIMA time series; Apriori algorithm

Ming Zhu, ZiLi Huang

School of Computer Science and Technology, Donghua University, Shanghai, China

International conference

2017 IEEE 2nd Advanced Information Technology, Electronic and Automation Control Conference (IAEAC 2017)

Chongqing

English

1742-1746

2017-03-25 (date first posted online on the Wanfang platform; does not represent the paper's publication date)