Processing Massive Data Streams to Achieve Anomaly Intrusion Prevention

Intrusion prevention system is an important technique in the network security architecture. Most of the modern intrusion detection systems lack the ability to process massive data streams to achieve anomaly detection. Instead of Intrusion detection, Intrusion prevention system can be used for both servers and end-hosts to handle the dual challenges of accuracy and performance which the former lacks. Intrusion prevention can be done by processing the data stream on fly. It is a difficult issue since the streaming data have some tough characteristics, such as unknown or unbound size, possibly a variable arrival rate, lack of ability to backtrack over previously arrived transactions, and a lack of system control over the order in which the data arrive. Many applications rely directly or indirectly on finding the frequent items, and implementations are in use in large scale industrial systems. This paper will find a network model which is more suitable for high speed processing of massive data streams in real-time from various data sources by considering the frequency property of events. An Intrusion prevention system have been built with online mining of frequent item sets over a stream with Time-sensitive sliding window, which is one of the most important technique in stream data mining with broad applications. Our method is employed to prevent the system with high efficiency and low use of system resources.