Abstract:
Network data are always high-speed and unbounded. Typical data mining methods, which scan a database multiple times, are not suited to building intrusion detection models for high-speed network data streams. This paper proposes a new intrusion detection model based on mining multi-dimensional data streams. It combines anomaly detection mechanisms with misuse detection techniques, so it can discover new attack types as anomaly detection techniques do while keeping the high detection efficiency of the misuse detection mechanism. A network access data stream has a complex structure: a single access behavior needs many attributes to describe it, which makes analyzing such a stream hard. Using the multi-frequency technique, this paper solves the problems of pattern expression and generation for network access data streams. A new data structure called MaxFP-Tree is proposed, and a new algorithm called MaxFPinNDS is designed to mine frequent patterns from data streams. Because it uses damped window techniques, MaxFPinNDS can efficiently and effectively find the maximal frequent itemsets in the recent period of a data stream. The experimental results show that the proposed algorithms and models are very effective for network intrusion detection.
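The damped-window idea mentioned above, as an added Python example that is not the paper's MaxFPinNDS or MaxFP-Tree (the abstract does not give their construction): every support count decays as new records arrive, so only patterns frequent in the recent part of the stream survive. The decay factor, support threshold, naive subset enumeration and sample records are all assumptions made for illustration.

```python
from itertools import combinations

# Constructed sample stream: one connection per record, as attribute=value items.
OLD = {"proto=tcp", "service=http", "flag=SF"}
NEW = {"proto=tcp", "service=telnet", "flag=S0"}
STREAM = [OLD] * 20 + [NEW] * 10   # older traffic first, most recent last


def damped_counts(stream, decay):
    """Single pass over the stream; returns {itemset: decayed support}.

    When a record arrives, every stored count is multiplied by `decay`
    (0 < decay <= 1), then each non-empty subset of the record gains 1.
    Enumerating subsets is exponential in record width; it stands in for
    a compact tree structure and is only suitable for short records.
    """
    counts = {}
    for record in stream:
        for key in counts:
            counts[key] *= decay
        items = sorted(record)
        for size in range(1, len(items) + 1):
            for subset in combinations(items, size):
                key = frozenset(subset)
                counts[key] = counts.get(key, 0.0) + 1.0
    return counts


def maximal_frequent(counts, min_support):
    """Frequent itemsets that have no frequent proper superset."""
    frequent = [s for s, c in counts.items() if c >= min_support]
    return {s for s in frequent if not any(s < t for t in frequent)}


def recent_patterns(stream, decay, min_support):
    return maximal_frequent(damped_counts(stream, decay), min_support)


if __name__ == "__main__":
    # decay=1.0 is a plain landmark count; decay=0.8 forgets the old traffic.
    for decay in (1.0, 0.8):
        result = recent_patterns(STREAM, decay, 3.0)
        print(decay, sorted(sorted(s) for s in result))
```

With no decay both the old and the new connection pattern are reported; with a decay of 0.8 only the recent one remains, which is the pattern a detector would compare against its model of current behavior.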