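Abstract
To address the shortcomings of the two detection methods used in intrusion detection systems, misuse detection and anomaly detection, this paper proposes a design for a hybrid intrusion detection system, building on a study of hybrid intrusion detection systems. The design combines the two detection methods: misuse detection uses a pattern-matching algorithm; anomaly detection uses a self-organizing neural network to cluster the data and then reclassifies the initially clustered data with supervised learning vector quantization, giving the anomaly detection pattern library a clearer rule set. Finally, simulation experiments were carried out on the key modules of the system. The results show that this design improves the detection capability and the detection accuracy of the hybrid intrusion detection system.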
To address the shortcomings of misuse detection and anomaly detection in intrusion detection systems, and on the basis of research into hybrid intrusion detection systems, a new design for a hybrid intrusion detection system is proposed. The misuse detection module is based on Snort's pattern rules database. Anomaly detection uses a self-organizing neural network for data clustering and then classifies the data by supervised learning vector quantization. Simulation of the key modules in this system was done successfully, and the results show that the system improved the capabilities and accuracy of the hybrid intrusion detection system.
Source
《计算机技术与发展》
2010, No. 6, pp. 148-151 (4 pages)
Computer Technology and Development
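Funding
Program for New Century Excellent Talents in University, Ministry of Education (NCET-04-0843)
Chongqing Information Industry Development Fund Project (200611009)
Chongqing Natural Science Foundation Project (2005BB2192)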
Keywords
intrusion detection
misuse detection
anomaly detection
neural networks