计算机应用 (Journal of Computer Applications), 2009
An improved model of Snort system based on data mining
Abstract:
An improved model of the Snort network intrusion detection system, based on data mining theory, is proposed to address Snort's inability to detect new types of intrusion. The new model adds three modules to the Snort system: a normal behavior pattern mining module, an anomaly detection engine module, and a new rule generation module. With these additions, the system can both learn rules from new intrusions and learn normal behavior patterns from normal data. Test results show that new types of intrusion can be detected effectively, Snort's false negatives can be reduced, and the detection efficiency of the system is enhanced.