Abstract
The key problem of network-based anomaly detection is establishing normal patterns, comparing the current system or user behavior against the established normal patterns, and judging the degree of deviation. This paper briefly introduces data mining algorithms and a classification of data-mining-based intrusion detection systems, and describes the application of data mining methods in intrusion detection systems from the perspective of the different classes. It focuses on comparing the various methods of pattern comparison, and uses the network-based anomaly detection method to verify whether the collected normal data is sufficient.
The key issue of anomaly NIDS is building normal patterns, comparing current system or user behaviors with history behaviors, and then detecting intrusions. We introduced some data mining algorithms, presented a classification method of IDS based on data mining, and described the process of data mining application in anomaly NIDS from the network layer and the application layer. We proposed three methods of pattern comparison in detail, and verified that the obtained normal audit data is enough for network layer anomaly NIDS.
Source
《计算机应用》 (Journal of Computer Applications)
CSCD
Peking University Core Journal (北大核心)
2003, Issue 12, pp. 20-23 (4 pages)
Funding
National 863 Program project (2001AA142030)
Keywords
data mining
anomaly detection
association rules
sequence pattern