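Abstract
Intrusion detection based on data mining has been a research hotspot in recent years. However, a major drawback of current intrusion detection systems that use data mining is that the false alarm rate rises markedly after the protected system changes or is adjusted to some degree. This paper proposes an adaptive intrusion detection system framework that adaptively maintains the normal rule set and solves the rule recomputation problem without sacrificing detection performance, so that the rules in the normal behavior profile can be updated continuously: new rules are added, old rules are deleted, and the support and confidence of existing rules are modified. This effectively solves the problem of keeping the rule set of a data-mining-based intrusion detection system up to date.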
Intrusion detection systems are an emerging and promising security measure that guards against unauthorized internal intrusion and, in addition to the firewall, provides effective protection against hackers. Data mining methods have been used to build automatic intrusion detection systems based on anomaly detection. The goal is to characterize normal system activity with a profile by applying mining algorithms to audit data, so that abnormal intrusive activity can be detected by comparing current activity with the profile. A major difficulty of any anomaly-based intrusion detection system is that patterns of normal behavior change over time and the system must be retrained. An IDS must be able to adapt to these changes and to distinguish these changes in normal behavior from intrusive behavior. The paper describes a framework for an adaptive anomaly detection system that utilizes dynamic association rule mining.
Source
Journal of Xi'an Institute of Technology (《西安工业学院学报》)
2005, No. 2, pp. 122-125 (4 pages)
Keywords
data mining
intrusion detection
association rules
adaptive
network security
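About the author
Gao Xiang (高翔, born 1974), male, lecturer at Northwestern Polytechnical University, Ph.D.; main research interest: computer software.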