摘要
入侵检测通过收集各种网络数据,从中分析和发现可能的入侵攻击行为。为了增强入侵检测从海量数据中发现攻击行为的能力和提高入侵检测的智能性,数据挖掘被引入到入侵检测领域,以实现智能化的知识发现和入侵检测模型的建立。聚类分析是数据挖掘中的一种重要的技术,能够通过无监督的学习过程发现隐藏的模式,具有独立地发现知识的能力。现有大量关于其在入侵检测领域的应用研究,各种聚类分析方法及改进措施被用于从不同的训练数据集建立入侵检测模型,成为对整个检测系统的一个有力补充。对现有文献中典型的基于聚类的入侵检测模型作了全面的介绍和适当的比较分析,提出了进一步的研究建议。
Intrusion detection system can discover potential intrusion behaviors by collecting and analyzing various network data. In order to enhance the detection capacity and intelligent level of Intrusion Detection System (IDS), the data mining techniques were incorporated to IDS to achieve automatically knowledge discovery and modeling. Clustering analysis is an important data mining technique that can independently discover hidden modes and knowledge by unsupervised learning. There are a plenty of researches about its appliances to intrusion detection field and various clustering techniques are improved and used to build intrusion detection models that are powerful complements for the integrity detection system. An all-around introduction and analysis of clustering-based intrusion detection models in existing literatures was presented, and the future research directions were also advised.
出处
《计算机应用》
CSCD
北大核心
2008年第B06期34-38,42,共6页
journal of Computer Applications
基金
武汉市科技攻关计划项目(200710421130)
关键词
聚类
数据挖掘
入侵检测
clustering
data mining, intrusion detection
