In an open, shared operating environment, the intrusion detection system (IDS)
has become an indispensable component for securing network resources. Aiming to
discover and identify intrusion behaviour, intrusion detection is a technology
of information discrimination and detection and, from a data-driven point of
view, also a process of data analysis. In related research fields, e.g., fraud
detection and fault management, data mining methods have achieved considerable
success, and the application of data mining to intrusion detection is now
attracting more and more attention.
A novel data visualization method, the data field, is first proposed in this
paper. A data field can easily and directly show the holistic features of the
data distribution by using a potential function to describe the property of the
field, and equi-potential lines or surfaces to indicate the potential field of
the data space. Applying the concept of the data field to the clustering
problem, an idea for a visualized, interactive clustering method is introduced.
This paper also proposes two anomaly detection methods for network intrusion,
based on clustering and on outlier detection respectively, and evaluates their
performance on network connection data sets. Based on association analysis of
the system call sequences of the sendmail process and on the classification of
a database of normal and abnormal behaviour sequences, an effective frequent
pattern mining algorithm is presented, through which typical patterns of system
call sequences, in the form of association rules, are discovered to
discriminate normal from abnormal processes. Furthermore, classification rules
are obtained to detect intrusion attempts or behaviour in system processes.
Finally, this paper discusses the problems existing in current frequent
sequential pattern mining algorithms and proposes a novel algorithm. Experiments
show that this algorithm performs better than the GSP algorithm in efficiency
and scalability.
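As an added illustration of the data-field idea applied to outlier detection (example code, not the paper's own, which does not state its potential function): each connection record is treated as a mass exerting a Gaussian-shaped potential, and records that sit in a low-potential (sparse) region of the field are flagged. The potential form, the z-score scaling, the 20% cutoff and the connection records are all assumptions constructed here.

```python
"""Data-field style outlier scoring over constructed network-connection records."""
import math

# Constructed sample: (duration_s, src_bytes, dst_bytes) per connection.
NORMAL = [(1.0, 200, 1500), (1.2, 230, 1400), (0.9, 210, 1600), (1.1, 190, 1550),
          (1.0, 220, 1450), (0.8, 240, 1500), (1.3, 205, 1480)]
SUSPECT = [(0.0, 0, 0), (60.0, 9000, 10)]   # constructed odd-looking connections


def zscore_scale(rows):
    """Scale each feature to zero mean / unit variance so byte counts cannot dominate distance."""
    stats = []
    for col in zip(*rows):
        mu = sum(col) / len(col)
        sd = math.sqrt(sum((v - mu) ** 2 for v in col) / len(col)) or 1.0  # guard constant columns
        stats.append((mu, sd))
    return [tuple((v - mu) / sd for v, (mu, sd) in zip(r, stats)) for r in rows], stats


def potential(point, field_points, sigma=1.0, masses=None):
    """Assumed potential: sum over field points of m_i * exp(-(d_i / sigma)^2)."""
    masses = masses or [1.0] * len(field_points)
    total = 0.0
    for m, p in zip(masses, field_points):
        d2 = sum((a - b) ** 2 for a, b in zip(point, p))
        total += m * math.exp(-d2 / (sigma ** 2))
    return total


def data_field_outliers(rows, sigma=1.0, threshold_ratio=0.2):
    """Return (outlier indices, potentials): records whose potential is below
    threshold_ratio * max potential lie in a sparse region of the data field."""
    scaled, _ = zscore_scale(rows)
    pots = [potential(p, scaled, sigma) for p in scaled]
    cutoff = threshold_ratio * max(pots)
    return [i for i, v in enumerate(pots) if v < cutoff], pots


if __name__ == "__main__":
    flagged, pots = data_field_outliers(NORMAL + SUSPECT)
    for i, v in enumerate(pots):
        print(f"record {i}: potential={v:.3f}{'  <-- outlier' if i in flagged else ''}")
```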
Key words: intrusion detection; data intrusion; anomaly detection; data field;
frequent pattern; frequent sequential pattern

