163 / 2016-11-30 14:45:48
Intrusion Detection System Based on data mining for Host Log
intrusion detection, host log, ARIMA Time Series, Apriori algorithm
Full paper accepted
ZiLi Huang / Donghua University
Ming Zhu / Donghua University
Traditional intrusion detection technology is mostly based on Web logs and uses a single data mining method to improve the analysis algorithm; it cannot be used in an unknown environment with a zero-knowledge rule database, and its efficiency in detecting potential threats and abnormal behavior is not significant. Therefore, this paper proposes an intrusion detection system based on data mining for host logs. On the premise of a zero-knowledge rule database, the combination of ARIMA time series modeling with misuse detection and the combination of the Apriori association algorithm with anomaly detection effectively solve the problem of intrusion detection for the host system from two dimensions: real-time detection and post detection. In this paper, the intrusion detection system is designed, and the detection efficiency and detection rate of the proposed hybrid mining pattern algorithm are compared with those of the single data mining algorithm. The experimental results show that the detection rate of the intrusion detection method with the hybrid mining pattern is improved by at least 30%, and that when the log scale is larger, the method detects faster and the system is more stable.
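Important dates
  • Conference dates: March 25, 2017 to March 26, 2017
  • November 10, 2016: Draft submission deadline
  • November 20, 2016: Draft acceptance notification date
  • November 30, 2016: Final version submission deadline
  • March 26, 2017: Registration deadline
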

Organizer
IEEE Beijing Section