Data Mining Based Intelligent Intrusion Detection System

In this paper we present an intrusion detection system model with self-learning and self-completing functions, which can detect known and novel intrusion activities. In this model, the mobile agent gathers the data collected by the active detection agents and sends it to the event sequence generator. The latter preprocesses the data and submits the event sequences to the data mining engine in order to form the evidence. The detection engine assesses the degree of similarity between the evidence and the rules in the rule-lib, and the decision-making engine then makes the final adjudication. The decision-making engine also maintains the rule-lib and sends instructions to all active detection agents to deal with various intrusions.