Snort improvement method based on data mining algorithm

Data mining algorithm technology applied in the field of information security. It addresses problems such as inaccurate clustering results, and achieves a reduced packet loss rate, improved performance, and reduced false positive and false negative rates.

Active Publication Date: 2020-06-02
CHONGQING UNIV OF POSTS & TELECOMM +1

AI Technical Summary

Problems solved by technology

However, the K-means algorithm has been criticized for inaccurate clustering results caused by the randomness of its initial clustering center k.

Embodiment Construction

[0034] The technical solutions in the embodiments of the present invention will be described clearly and in detail below with reference to the drawings in the embodiments of the present invention. The described embodiments are only some of the embodiments of the invention.

[0035] The technical solution by which the present invention solves the above technical problems is:

[0036] In this embodiment, a method for improving Snort based on a data mining algorithm is performed in the following steps.

[0037] Step 1: The Snort system obtains the data P on the network and specifies the clustering radius r.

[0038] While using the Snort network sniffer to obtain data on the network, the data in the normal database is clustered according to the clustering radius r using the improved K-means algorithm.

[0039] Among them, the K-means algorithm is improved. Using the K-Nearest Neighbor non-parametric probability density algorithm combined with traditional K-means cluste...


Abstract

The invention relates to a Snort improvement method based on a data mining algorithm. The method comprises the following steps: the intrusion detection system Snort acquires data P on a network; similarity clustering is carried out between P and a normal behavior database using an improved K-means algorithm; if the similarity is smaller than a clustering radius r, P is judged to be normal data and directly skips Snort's misuse detection process; otherwise, the data is compared with the abnormal database in Snort, and the similarity between the data and each abnormal behavior class is calculated; if the data can be clustered into one of the abnormal behavior classes, the data is of an abnormal type and the system sends out a corresponding alarm; if the data still cannot be clustered into an abnormal class, it is added to the normal database and the normal behavior database is updated again. Most of the data on the network is normal data and abnormal data occupies only a small part; the clustering accuracy of the improved K-means algorithm is high, and the data processed by the misuse detection engine can be greatly reduced in this way, so that the overall detection accuracy and efficiency of the Snort system are improved.
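The triage flow in the abstract, sketched as an added example (not code from the patent or from Snort). It assumes traffic is already reduced to numeric feature vectors, that the centroids were computed beforehand (the page's improved K-means is not reproduced here), and that the same radius r applies to the abnormal classes; all names and sample values are constructed.

```python
import math

def nearest(vec, centroids):
    """Return (label, distance) of the centroid closest to vec."""
    best_label, best_dist = None, math.inf
    for label, centre in centroids.items():
        dist = math.dist(vec, centre)  # Euclidean distance as similarity (assumption)
        if dist < best_dist:
            best_label, best_dist = label, dist
    return best_label, best_dist

class Prefilter:
    """Hypothetical clustering stage placed in front of misuse detection."""

    def __init__(self, normal, abnormal, r):
        self.normal = dict(normal)      # normal behavior database: id -> centroid
        self.abnormal = dict(abnormal)  # abnormal behavior classes: id -> centroid
        self.r = r                      # clustering radius r from Step 1

    def classify(self, vec):
        _, dist = nearest(vec, self.normal)
        if dist < self.r:
            return ("normal", None)     # misuse detection is skipped for this data
        label, dist = nearest(vec, self.abnormal)
        if dist < self.r:               # same radius reused here (assumption)
            return ("alert", label)
        # Fits neither database: the abstract adds it to the normal database.
        self.normal[f"learned-{len(self.normal)}"] = tuple(vec)
        return ("learned", None)

def build_demo():
    # Constructed, normalised two-feature centroids; not taken from the page.
    normal = {"web": (0.20, 0.10), "dns": (0.05, 0.02)}
    abnormal = {"syn-flood": (0.90, 0.95)}
    return Prefilter(normal, abnormal, r=0.15)

if __name__ == "__main__":
    pf = build_demo()
    for sample in [(0.22, 0.12), (0.88, 0.90), (0.50, 0.50), (0.50, 0.50)]:
        print(sample, pf.classify(sample))
```

The last two samples are identical: the first is learned and the second then passes as normal, so anything absorbed by the update step bypasses rule matching afterwards. Logging each "learned" verdict for review keeps that baseline auditable.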

Description

Technical field

[0001] The invention belongs to the technical field of information security, and relates to a method for improving Snort based on a data mining algorithm.

Background technique

[0002] With the rapid development of the network, the "Internet +" model has been widely used. At the same time, network intrusion technology is also developing, the security situation of the Internet and information communication networks is more severe, and the impact of deliberate attacks and sabotage is more extensive. In the face of complex and diverse attack methods, the traditional database security mechanism is somewhat weak. Intrusion detection is a new generation of security defense technology. The IDS Snort is a network intrusion detection system (Network Intrusion Detection System, NIDS) that holds a very important position in the industry, especially in the domestic security industry, where it is regarded as the industry standard. Snort is an easy-to-extend open source NIDS, which ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06K9/62
CPC: H04L63/1416, H04L63/1425, G06F18/23213
Inventor: 张功国, 李恩燕
Owner: CHONGQING UNIV OF POSTS & TELECOMM