Method for Constructing Network Intrusion Detection Model Based on Improved Apriori Algorithm
Abstract
While the information age brings efficiency and convenience to people, it is also accompanied by myriad network dangers. To detect and respond to frequent network attacks, this research introduces the improved Apriori algorithm and K-means algorithm, and establishes a network intrusion detection model based on these two algorithms. The PR curves of the two algorithms before and after the improvement indicate that the AP value of the improved Apriori algorithm is 0.9972, which is significantly higher than the value before the improvement, 0.9324. In addition, two datasets, testSet and Iris, were used to test the three improved K-means algorithms. The results show that the L-kmeans algorithm has the highest clustering accuracy, with an improvement of about 19% on the testSet dataset and an increase of about 14% on the Iris dataset. Finally, the performance of the improved model is verified by the detection efficiency of Snort. The most significant change from this improvement is in false detections: the number of dangerous behaviors identified as normal data and the number of normal data behaviors identified as dangerous behaviors are reduced by 53.0% and 32.0%, respectively. At the same time, the number of undetected dangerous behaviors and normal data behaviors also decreased by 37.4% and 36.5%, respectively. The accuracy, stability and efficiency of the model are verified by simulation experiments.
Keywords: network security; intrusion detection; association rules; data mining; Apriori
Cite As
L. Wu, "Method for Constructing Network Intrusion Detection Model Based on Improved Apriori Algorithm", Engineering Intelligent Systems, vol. 32, no. 2, pp. 165-174, 2024.