Abstract

With the rapid development of computer science and data mining technology, the combination of data analysis and network security is needed. Traditional intrusion detection systems are not able to fulfill specific network security requirements, such as fast processing speed, stronger defense capability, and higher real-time performance. In response, we propose a network security model based on the integration of data stream mining and intrusion detection. After comparing data stream clustering methodology with other state-of-the-art clustering algorithms, we choose the former as the clustering algorithm. Finally, with case analysis and a simulation experiment, we illustrate the robustness and effectiveness of our proposed methodology.

Introduction

Intrusion detection technology, as a supporting mechanism for network security, can monitor and detect unauthorized network usage or abnormal conditions without affecting network performance, and then counter such phenomena, thereby attaining the aim of network security defense [1]. With the improvement of network performance and the diversification of attack technology, however, the network security defense of traditional intrusion detection systems faces new challenges. In 1999, the computer intrusion detection system research of Li science department, Columbia University, applied data mining technology to intrusion detection systems for the first time. This research project is a part of the DARPA for the U.S. Department of Defense. Experiments show that this method can improve the detection rate without prejudice to any other model performance test system.
The MADAMID project at Columbia University in the United States (a data mining framework for constructing features and models for intrusion detection) proposed a method, more automatic than manual information system engineering, for constructing an intrusion detection system with data mining technology. It used association rules and frequent episode rules to obtain more, and more predictive, features. In China, the Graduate School of Chinese Academy adopted hierarchical cooperation as a model in an effort to analyze security audit data with data mining algorithms and to help the system not only automatically generate intrusion detection rules but also establish anomaly detection models. Tsinghua University came up with a framework for a collaborative intrusion detection system (COIDS) based on data mining, and adopted a three-layer (Agent/Manager/UI) entity structure to establish a detection model by various data mining methods. In fact, many achievements have been made in data mining based intrusion detection, some of which are even in use to a certain extent. With larger volumes of data in network transmission, faster speeds, more means of access, and ceaselessly updated network protocols, how to improve the recognition and processing capability of protocol intrusion detection systems is a new problem, and it has become a hot research topic in network security. In this paper, we present a novel network security model built on the integration of data stream mining and an intrusion detection system [2].
