Network intrusion detection method based on association rule classification

A network intrusion detection and rule technology, applied in electrical components, transmission systems, etc., that addresses the problems of high false alarm rates, lack of adaptability, and the inability to detect and respond to intrusions in time. It improves the timeliness and accuracy of detection and the overall detection effect.

Active Publication Date: 2016-02-03
TIANJIN UNIVERSITY OF TECHNOLOGY

AI Technical Summary

Problems solved by technology

[0003] Applying data mining technology to network intrusion detection has become a research hotspot. There have been many research results in this area at home and abroad, but some shortcomings and difficulties remain: most data mining intrusion detection systems focus on either anomaly detection or misuse detection, yet anomaly detection has a high rate of false alarms and misuse detection has a high rate of false negatives; at present, most systems are quasi-real-time systems that cannot detect and respond to intrusions in a timely manner; and in the face of different network environments and constantly changing intrusion types, current network intrusion detection systems lack adaptability.



Embodiment Construction

[0041] The specific embodiment of the present invention is described in further detail below with reference to the accompanying drawings.

[0042] Applying the association rule algorithm to intrusion detection is mainly a data-centric point of view, and the collection and processing of network connection data is not within the scope of the present invention. In the present invention, the international standard network connection data set 10% KDDCup99 is taken as an example, and intrusive network connections are classified based on the idea of data mining.

[0043] Figure 1 describes in detail a method of network intrusion detection based on association rule classification. The method provided by the invention comprises the following steps:

[0044] The first step is to preprocess the international standard data set 10% KDDCup99, and divide the preprocessed data set into two parts: training set and test set.

[0045] Step 1.1, add position parameters for each column of data. Beca...


Abstract

The invention relates to a network intrusion detection method based on association rule classification. The network intrusion detection method comprises the steps of pre-processing network data, extracting an association rule, classifying network connection data and displaying a classification result. According to the invention, on the basis of an improved Apriori algorithm (Apriori-index), a KDDCup99 network connection data set, namely an international standard data set, is taken for example; firstly, the association rule is extracted from network connection data selected from the KDDCup99 network connection data set; then, test network connection data is classified according to the association rule; therefore, whether current network connection is attack connection or not can be judged; the specific attack type of the current network connection can also be judged; and related statistical data is displayed. The Apriori-index algorithm is more suitable for the KDDCup99 data set; the association rule extraction speed and the network connection classification speed are greatly increased; the accuracy of a detection result is also improved; and the disadvantages of slow classification speed and high false alarm rate in the traditional intrusion detection system are improved to a certain degree.
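The extract-then-classify flow the abstract describes can be sketched as follows. This is an added example, not the patent's code: it uses ordinary level-wise Apriori rather than Apriori-index (whose details are not given on this page), treats the column-position tagging of Step 1.1 as an assumption about its intent, and runs on constructed KDDCup99-style rows with assumed thresholds.

```python
from collections import Counter
from itertools import combinations

# Constructed sample rows in KDDCup99 style: (protocol_type, service, flag, label).
TRAIN = [
    ("tcp", "http", "SF", "normal"),
    ("tcp", "http", "SF", "normal"),
    ("tcp", "smtp", "SF", "normal"),
    ("icmp", "ecr_i", "SF", "smurf"),
    ("icmp", "ecr_i", "SF", "smurf"),
    ("tcp", "private", "S0", "neptune"),
    ("tcp", "private", "S0", "neptune"),
    ("tcp", "http", "S0", "neptune"),
]

def to_items(features):
    """Tag each value with its column position so equal values in different columns stay distinct."""
    return frozenset(enumerate(features))

def mine_rules(rows, min_support=2, min_conf=0.8, max_len=2):
    """Level-wise (Apriori-style) mining of class association rules: itemset -> label."""
    data = [(to_items(r[:-1]), r[-1]) for r in rows]
    rules, cands = [], {frozenset([it]) for items, _ in data for it in items}
    for k in range(1, max_len + 1):
        counts, hits = Counter(), Counter()
        for items, label in data:
            for c in cands:
                if c <= items:
                    counts[c] += 1
                    hits[c, label] += 1
        freq = {c for c in cands if counts[c] >= min_support}
        for (c, label), n in hits.items():
            if c in freq and n / counts[c] >= min_conf:
                rules.append((c, label, n / counts[c], n))
        # Join frequent k-itemsets into (k+1)-candidates; prune any with an infrequent subset.
        cands = {a | b for a, b in combinations(freq, 2) if len(a | b) == k + 1
                 and all(frozenset(s) in freq for s in combinations(a | b, k))}
    # Rank by confidence, then support, then specificity; final keys make the order deterministic.
    rules.sort(key=lambda r: (-r[2], -r[3], -len(r[0]), sorted(r[0]), r[1]))
    return rules

def classify(rules, features, default="unknown"):
    """Return the label of the highest-ranked rule whose antecedent the connection satisfies."""
    items = to_items(features)
    for antecedent, label, _conf, _support in rules:
        if antecedent <= items:
            return label
    return default
```

A connection that matches no rule falls through to `default`, which is where a deployment would decide between treating unmatched traffic as normal or flagging it for review.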

Description

Technical field

[0001] The method relates to the field of network intrusion detection systems, in particular to a network intrusion detection method based on association rule classification.

Background technique

[0002] Intrusion detection collects and analyzes network behavior, security logs, audit data, other information available on the network, and information on several key points in the computer system to check whether there are signs of violations of security policies and attacks in the network or system. It plays a very important role in the security of the network system and is an important supplement to the firewall. Intrusion detection can complete the protection of the network system without affecting the performance indicators of the network system.

[0003] Applying data mining technology to network intrusion detection has become a research hotspot. There have been many research results in this area at home and abroad, but there are still some shortcomings and...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1416
Inventor: 王劲松, 莫敬涛, 黄玮, 杨传印
Owner: TIANJIN UNIVERSITY OF TECHNOLOGY