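Abstract
Intrusion detection based on data mining has been a research hotspot in recent years, and many intrusion detection systems now use association analysis as their data mining method. Existing association analysis algorithms can only mine categorical attributes and cannot be applied directly to numerical attributes, yet network traffic data contains many numerical attributes that reflect intrusion activity. Some researchers have proposed first partitioning the numerical attributes into categories and then performing association analysis, but this approach imposes a definite boundary between abnormal and normal, the "sharp boundary problem". Because the concept of network security is itself somewhat fuzzy, a definite boundary can lead to false positives and false negatives and so degrade detection. This paper proposes an intrusion detection algorithm based on fuzzy association mining and uses a genetic algorithm to determine the parameters of the membership functions that partition the fuzzy sets. The final experimental results demonstrate the effectiveness of the algorithm.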
Intrusion detection systems are a newly emerging and promising security measure. Data mining methods have been used to build automatic intrusion detection systems based on anomaly detection. The goal is to characterize normal system activity with a profile by applying mining algorithms to audit data, so that abnormal, intrusive activity can be detected by comparing current activity with the profile. This paper presents a new intrusion detection method based on data mining technology that combines fuzzy logic with the Apriori mining method. By grouping the quantitative attributes in network traffic according to fuzzy sets, and by using a genetic algorithm to construct the membership functions that define those fuzzy sets, the "sharp boundary" problem that arises when classical set theory is adopted can be avoided. The experimental results show that this method of combining fuzzy logic with data mining is an effective approach to anomaly detection.
Source
Journal of Air Force Engineering University (Natural Science Edition)
CSCD
PKU Core Journal
2006, Issue 6, pp. 68-71 (4 pages)
Funding
Supported by the National Natural Science Foundation of China (60573101)
Keywords
data mining
intrusion detection
fuzzy logic
genetic algorithm
association analysis