Abstract
With the rapid development of the Internet, new network attacks keep emerging. Traditional intrusion detection systems (IDS) based on expert systems, which are built manually and from experience, can hardly meet current application requirements because they face challenges from new forms of attack and from system upgrades. It is therefore necessary to find a method that can automatically discover intrusion patterns in large volumes of network data. The main idea is to apply data mining methods to preprocessed audit data containing network connection information in order to extract rules that distinguish normal activity from intrusions. These rules can later be used to detect intrusion behavior. This paper applies data mining technology to intrusion detection and discusses some of the key algorithms involved. Finally, it proposes a data-mining-based intrusion detection model. Experiments show that, compared with traditional systems, this model has certain advantages in adaptability and extensibility.
Source
《计算机技术与发展》
2006, Issue 9, pp. 243-244, F0003 (3 pages in total)
Computer Technology and Development
Funding
Natural Science Research Fund Project for Universities of Jiangsu Province (04KJB520095)