Xiuqiao Wang
Department of Computer Science
University of Jining
Qufu, China
wangxiuqiao@sina.com.cn
Abstract—In this paper, Data Mining is introduced into the Intrusion Detection System, which overcomes the defects of traditional detection technology. The core association rules algorithm applied to the intrusion detection matrix is optimized, which makes it possible to reduce the Average-Case Time Complexity, improve the efficiency considerably, and make it easy to process massive data. In this way, attacks will be detected promptly to achieve the goal of intrusion detection. Finally, the mining of normal connection rules in the knowledge base of intrusion detection matrix will be accomplished. The experiment indicates that the matrix is able to generate new rules after extracting features, and also proves the validity and the feasibility of the IDS.

Keywords- Intrusion detection; Data mining; Association rules; Apriori algorithm

㾘᳔߭߱ᰃ㹿⫼Ѣߚᵤ䅵ㅫᴎ㔥㒰Ёⱘ᭄⌕ⱘˈⴔᇚ
݇㘨㾘߭ⱘᣪᥬ㒧ᵰЎᣪᥬⱘ䕧᭄ܹˈҹ֓㛑ᣪᥬߎ
᳝⫼ⱘ㒧ᵰDŽШ⊏ṙỂᄺⱘⷨথҎਬথሩњ݇㘨ᣪᥬ
ܹ։Ẕ⌟ᮍ䴶ⱘ䞡㽕ᑨ⫼ˈᑊϨᦤߎњϔ⾡ᮄൟⱘᑨ⫼
Ѣ ᓖ ᐌ Ẕ⌟ ⱘ 䞡Ẕ ⌟ ᮍ⊩ DŽ Ҫ Ӏⱘ ⷨ お ៤ᵰ Џ 㽕
$'$0$XGLW 'DWD $QDO\VLV DQG 0LQLQJ ㋏ 㒳 Ё ᕫ ࠄ ᑨ
⫼ˈᑊϨᅲ偠㒧ᵰⳌᔧⱘ⧚ᛇDŽ$'$0 ㋏㒳 ᑈ
'$53$ ܹ։Ẕ⌟㋏㒳䆘ԄЁᭈԧᮍ䴶ৡ߫ϝˈᬏߏ
Ẕ⌟㊒⹂ᗻᮍ䴶ԡѢѠԡDŽҢℸҹৢѢ݇㘨㾘߭ᣪᥬ
ⱘܹ։Ẕ⌟㹿ᑓ⊯ⷨおˈপᕫњࠡ᠔᳝ⱘⷨお៤ᵰDŽ
III. ݇㘨㾘߭ߚᵤঞ݊ㅫ⊩ⱘᬍ䖯
>@
݇㘨㾘߭ߚᵤ ᰃᣛ᭄䆄ᔩⱘ᭄乍П䯈ᣪᥬ݇
㘨݇㋏ˈᶤѯ᭄乍ⱘߎ⦄乘⼎ⴔ䆹䆄ᔩЁ݊ᅗϔѯ᭄
I. ᓩ㿔 乍ߎ⦄ⱘৃ㛑DŽ݇㘨ߚᵤⱘⳂⱘᰃҢᏆⶹⱘџࡵ䲚 5 Ёˈ
䱣ⴔ䅵ㅫᴎ㔥㒰ᡔᴃⱘ催䗳থሩˈ䅵ㅫᴎ㔥㒰 ѻ⫳᭄乍䲚П䯈ⱘ݇㘨㾘ֱ߭䆕݊ᬃᣕᑺ㕂ֵᑺ
⸔䆒ᮑ៤Ў咥ᅶᬏߏⱘ䞡⚍ⳂᷛDŽ㱑✊䰆☿ㄝᡔᴃ㛑 Ѣ⫼᠋乘ܜᣛᅮⱘ᳔ᇣᬃᣕᑺ᳔ᇣ㕂ֵᑺDŽ$SULRUL ㅫ
ϔᅮᑺϞ䘣ࠊ㔥㒰ᬏߏˈԚᰃ⬅Ѣ䖭ѯᡔᴃ䛑ᰃ䴭ᗕ ⊩ᰃ݇㘨㾘߭ᣪᥬЁⱘ㒣ㅫ⊩ПϔDŽ$SULRUL ㅫ⊩ⱘḌ
ⱘ ˈ ᕜ དⱘ ᅲ ᮑ ᳝ᬜ 䰆 ᡸᰃ ᮴ ⊩ ᅲ⦄ ⱘ DŽ Ԛܹ ։ Ẕ⌟ ᖗݙᆍᰃѢ乥㐕乍䲚⧚䆎ⱘ䗦ᮍ⊩DŽ䖭ᰃϔϾѢϸ
,QWUXVLRQ'HWHFWLRQᡔᴃ>@ ᰃϔ⾡ࡼᗕⱘ䰆ᡸ 䰊↉乥㐕䲚ᗱᛇⱘᮍ⊩ˈᇚ݇㘨㾘߭ᣪᥬㅫ⊩ⱘ䆒䅵ߚ㾷
ᮑˈᅗ㛑ᇍ㔥㒰ᅝܼᅲᮑⲥǃᬏߏϢডᬏߏㄝࡼᗕֱ ЎϸϾᄤ䯂乬˖
ᡸˈᶤ⾡ᛣНϞᓹ㸹њӴ㒳䴭ᗕㄪ⬹ⱘϡ䎇DŽ᭄ᣪᥬ 䖭䞠៥ӀᡞᬃᣕᑺѢ᳔ᇣᬃᣕᑺⱘ᠔᳝乍
>@г⿄Ў᭄ᑧЁⱘⶹ䆚থ⦄ᡔᴃ.''ˈᰃᣛҢ䞣ǃ LWHPVHW 䛑 ᡒ ࠄ ˈ 䖭 ѯ 乍 䲚 㹿 ি 乥 䲚 IUHTXHQW
ϡᅠܼǃ᳝ాໄǃ㊞ǃ䱣ᴎⱘ᭄Ёথ⦄䱤᭄Ёⱘ LWHPVHW
݇㋏ˈᓎゟൟˈᦤপ᳝┰Ӌؐǃৃֵǃᮄ乪ǃ᳝ᬜ ⴔՓ⫼Ϟϔℹᡒࠄⱘ乥䲚ᴹѻ⫳ᳳᳯⱘ㾘߭DŽ
ᑊ㛑㹿Ҏ᠔⧚㾷ⱘֵᙃⶹ䆚ⱘ䖛DŽᑨ⫼Ѣܹ։Ẕ⌟ⱘ $SULRUL ㅫ⊩Փ⫼ⱘᮍ⊩㹿⿄䗤ሖ᧰㋶ⱘ䗁ҷᮍ
᭄ᣪᥬߚᵤᮍ⊩>@Џ㽕᳝˖݇㘨ߚᵤᮍ⊩ǃᯊᑣᓣ ⊩ˈN乍䲚⫼Ѣএ㋶N乍䲚DŽ佪ˈܜᡒߎ乥㐕
ߚᵤᮍ⊩ǃߚ㉏ߚᵤᮍ⊩㘮㉏ߚᵤᮍ⊩ㄝDŽᇚ᭄ᣪᥬ 乍䲚ⱘ䲚ড়䆹䲚ড়䆄 /DŽ/ ⫼Ѣᡒ乥㐕 乍䲚ⱘ䲚
ᡔᴃᑨ⫼Ѣܹ։Ẕ⌟㋏㒳Ёৃҹᅠ៤Ң䞣᭄Ё㞾ࡼᦤ
ড় /ˈ/ ⫼Ѣᇏᡒ /ˈབℸϟএˈⳈࠄϡ㛑ᡒࠄ乥㐕 N
পߎൟⱘ䖛DŽᡞ᭄ᣪᥬᑨ⫼Ѣܹ։Ẕ⌟ᡔᴃЁህ
乍䲚DŽᡒ↣ϔϾ /N 䳔㽕ϔ᭄ᑧᠿᦣDŽЎޣᇥᠿᦣⱘ
ৃҹᓎゟᬏߏẔ⌟㋏㒳䖛Ёˈህৃҹ⍜䰸ҎЎ㋴
᭄ˈᇍ↣Ͼ乥䲚䌟ϔϾ䞣ᔧ⬅䭓ᑺЎ W ⱘ乥䲚ѻ⫳
⡍ᅮ㋴ⱘᑆᡄˈЎ݊ᓔথϔϾࡴ㋏㒳࣪ⱘᮍ⊩DŽ䖭ᰃ
䭓ᑺЎ W ⱘ乥䲚ᯊˈህϡ䳔㽕ݡᠿᦣ᭄ᑧˈা䳔Ϣ
ᴀ᭛ゴ᠔䆎䗄ⱘḌᖗݙᆍDŽ
᪡ৢ䅵ㅫ↣ϾѠ䖯ࠊԡϞ ⱘϾ᭄ህৃҹᕫࠄ䆹ሲᗻ䲚
ড়᭄ᑧЁߎ⦄ⱘ᭄ˈ䅵ㅫϞ䗄ⱘ乥䲚ⱘᬃᣕᑺϞ
II. Ѣ݇㘨㾘߭ⱘܹ։Ẕ⌟ᡔᴃ
ޣᇥњᠿᦣ᭄ᑧ᠔⫼ⱘᯊ䯈DŽᬍ䖯ৢⱘㅫ⊩˖
ӫⱘ㔥㒰ܹ։Ẕ⌟㋏㒳Ёˈৃҹ⫼ⳌѦ݇㘨ⱘߚ 䕧ܹ˖㒣䖛Ꮧᇨ࣪ⱘ᭄ᑧ 5᳔ᇣᬃᣕ䯜ؐ PLQBVXS
ᵤᮍ⊩ᶹߎ⾡㸠ЎП䯈ⱘⳌ݇㘨ᗻDŽҢ㗠ᕫߎᰃ৺᳝ܹ 䕧ߎ˖/Mˈ5 Ёⱘ乥㐕乍䲚DŽ
։㸠ЎDŽ݇㘨㾘߭ᣪᥬᰃ᭄ᣪᥬ᳔Ўᑓ⊯ᑨ⫼ⱘᡔᴃП / ILQGBIUHJXHQWBBLWHPVHW5
ϔˈгᰃ᳔ᮽ⫼Ѣܹ։Ẕ⌟ⱘᡔᴃDŽ⦄Ꮖ᳝⾡݇㘨㾘 IRUN /NĮN^
߭ㅫ⊩ˈ՟བ $SULRULㅫ⊩>@ህ㹿⫼Ѣܹ։Ẕ⌟DŽ݇㘨
᳝ .''&83 ܹ։Ẕ⌟᭄䲚ⱘ ⱘ᭄᠔ҹᓖᐌ ো˖-/-˅⌢ᅕᄺ䰶 ᑈ᷵㑻䞥乍Ⳃ˄乍Ⳃ
ⲥ⌟ഫᅲ⦄Ёⱘ䇃Ꮒ䛑ℷᐌⱘ㣗ೈݙDŽᅲ偠䆕ᯢњᬍ ৡ˖Ѣ㔥㒰㸠Ўⱘ ,399 㔥㒰⌟䞣ᑨ⫼ⷨお乍Ⳃ㓪
䖯ৢⱘㅫ⊩㛑ℷ⹂⫳៤㾘߭DŽᬍ䖯ৢⱘㅫ⊩䖤㸠ᯊ䯈 ো˖.-/;˅ⱘ䌘ࡽˈৠᯊᛳ䇶ԡৠџ䆎᭛ݭ
ᬍ䖯ࠡⱘㅫ⊩ৠϔৄ䅵ㅫᴎϞⱘ䖤㸠ᯊ䯈ߚ߿Ў ߚ 䖛Ё㒭ќⱘϧϮϞⱘᓎ䆂ᣛᇐDŽ᳔ৢᛳ䇶ᆊҎⱘᬃᣕ
⾦ ߚ˒⾦DŽ⬅ℸৃҹⳟߎ䖤㸠ᯊ䯈Ϟ᳝њᯢᰒ Ϣ哧ࢅDŽ
㓽ⷁDŽҢ㗠ᦤ催њᬜ⥛DŽ
VI. 㒧ᴳ䇁
ᴀ᭛ᦤߎϔ⾡Ѣ᭄ᣪᥬⱘܹ։Ẕ⌟ൟˈ݊Ḍᖗ
ᗱᛇᰃ߽⫼᭄ᣪᥬⱘᮍ⊩ˈҢ㒣乘໘⧚ⱘᑊϨࣙ㔥㒰
䖲ֵᙃⱘᅵ䅵᭄Ёᦤপৃҹऎߚℷᐌܹ։ⱘ㾘߭ˈ
ᑊϨ⫼ᴹẔ⌟ᰃ৺᳝ܹ։㸠ЎDŽᑊᘏ㒧њᅗⱘӬ⚍DŽ䩜ᇍ
$SULRUL ㅫ⊩Ё∖乥㐕䲚ᯊᠿᦣ᭄ᑧ ,2 䋳䕑Ҏⱘ䯂
乬ᦤߎњϔ⾡ᬍ䖯ࡲ⊩DŽЎњ偠䆕䆹ㅫ⊩ⱘৃ㸠ᗻˈ᭛
ゴ᳔ৢᅲ⦄њ䆹ܹ։Ẕ⌟ൟⱘⶹ䆚ᑧЁℷᐌ䖲㾘߭ⱘ
ᣪᥬDŽᅲ偠㸼ᯢ䆹ൟ㛑ᦤপ⡍ᕕ⫳៤ᮄ㾘߭ˈᑊ䆕ᯢњ
ᮍ⊩ⱘৃ㸠ᗻ᳝ᬜᗻDŽ
㟈䇶

REFERENCES
[1] LiuXiaoMing, XiongTao. Research on Intrusion Detection Technology Based on Data Mining [J]. Modern Computer, 2010, (4): 78-79. (In Chinese)
[2] Yangxiangrong, Songqinbao, Shenjunyi. Intelligentize Intrusion Detection System Based On Data Mining [J]. Computer Engineering, 2007, 27(9): 17-18, 102. (In Chinese)
[3] WANG Jiamin; YAN Ren-wu; SHENG Ying-ying. Intrusion Detection Technology Research Based on Data Mining [J]. Science Technology and Engineering, 2008, (08). (In Chinese)
[4] Wangxuren, Xurongsheng. The research of association rule mining. The fifth China Routh and software computer academic conference collected papers: A collect [C]. ChongQing: Computer Science Publishing House, 2008. (In Chinese)
[5] Agrawal R, Srikant R. Fast Algorithms for Mining Association Rules [A]. Bocca J B, Jarke M, Zaniolo C. Proceedings of the 20th International Conference on Very Large Data Bases (VLDB 94) [C]. CA: Morgan Kaufmann Publishers Inc, 1994(10): 487-499.