Intrusion Detection Model and Algorithm Based on Data Stream Mining Technology

Source journal: Journal of Central South University (Science and Technology), 2011, No. 9

Authors: Mao Yimin (毛伊敏), Yang Luming (杨路明), Chen Zhigang (陈志刚), Liu Lixin (刘立新)

Pages: 2720-2728

Keywords: data streams; maximal frequent itemsets; anomaly detection; misuse detection

Abstract:

To address the insufficient response speed and detection precision of current intrusion detection systems built on association-rule mining over data streams, an intrusion detection system model, MMFIID-DS, based on maximal frequent patterns of data streams is proposed. A variety of pruning strategies are designed to mine the maximal frequent itemsets of the trained normal data set, the abnormal data set and the current detection data stream, from which the system's normal behavior patterns, abnormal behavior patterns and user behavior patterns are established; this greatly reduces the search space and improves the response speed of the system. Misuse detection and anomaly detection are then combined for real-time online intrusion detection, which improves the detection precision of the system. Theoretical analysis and experimental results show that the MMFIID-DS intrusion detection system performs well.
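The abstract describes a pipeline (mine maximal frequent itemsets from a normal set, an abnormal set and the live stream; then apply misuse and anomaly detection to the resulting patterns) but gives no code. The following is an added worked example, not the paper's implementation: it uses a plain level-wise (Apriori-style) miner with subset pruning as a stand-in for the paper's own pruning strategies, represents each connection record as a set of `attribute=value` items, and applies two containment rules of its own (a window pattern containing a known abnormal pattern is misuse; a window pattern not covered by any normal pattern is an anomaly). The training records and the detection stream are constructed for illustration; `detect`, `classify_stream` and the window size are this example's choices, and the paper's matching function, support thresholds and stream model may differ.

```python
from itertools import combinations


def frequent_itemsets(transactions, min_support):
    """Level-wise (Apriori-style) enumeration of all frequent itemsets.

    transactions: list of sets of items such as "proto=tcp"; min_support is an
    absolute count. A candidate k-itemset is counted only when every one of its
    (k-1)-subsets is already frequent; that subset pruning is what keeps the
    search space small here (an assumption of this example, not the paper's
    pruning strategies). Returns {frozenset(itemset): support}.
    """
    items = sorted({item for t in transactions for item in t})
    result = {}
    level = []
    for item in items:
        c = frozenset([item])
        sup = sum(1 for t in transactions if c <= t)
        if sup >= min_support:
            result[c] = sup
            level.append(c)
    k = 2
    while level:
        candidates = set()
        for a, b in combinations(level, 2):
            u = a | b
            if len(u) == k and all(frozenset(s) in result for s in combinations(u, k - 1)):
                candidates.add(u)
        level = []
        for c in sorted(candidates, key=sorted):
            sup = sum(1 for t in transactions if c <= t)
            if sup >= min_support:
                result[c] = sup
                level.append(c)
        k += 1
    return result


def maximal_frequent_itemsets(transactions, min_support):
    """Keep only the frequent itemsets that have no frequent proper superset."""
    freq = frequent_itemsets(transactions, min_support)
    return {s for s in freq if not any(s < other for other in freq)}


def detect(window, normal_patterns, abnormal_patterns, min_support):
    """Two-stage verdict for one window of the detection stream.

    Stage 1 (misuse): a maximal pattern of the window that contains a known
    abnormal pattern is reported as "misuse".
    Stage 2 (anomaly): a maximal pattern not covered by any normal pattern is
    reported as "anomaly". Anything else (including an empty window) is "normal".
    These containment rules are this example's assumption.
    """
    current = maximal_frequent_itemsets(window, min_support)
    for pat in current:
        if any(bad <= pat for bad in abnormal_patterns):
            return "misuse"
    for pat in current:
        if not any(pat <= good for good in normal_patterns):
            return "anomaly"
    return "normal"


def classify_stream(stream, window_size, normal_patterns, abnormal_patterns, min_support):
    """Tumbling windows over the detection stream, one verdict per window (assumed stream model)."""
    return [
        detect(stream[start:start + window_size], normal_patterns, abnormal_patterns, min_support)
        for start in range(0, len(stream), window_size)
    ]


def rec(*items):
    """One connection record as a set of attribute=value items."""
    return set(items)


# Constructed training data (not real traffic): a labelled normal set and a
# labelled abnormal set, as the abstract's "trained normal/abnormal data sets".
NORMAL_SET = [
    rec("proto=tcp", "service=http", "flag=SF"),
    rec("proto=tcp", "service=http", "flag=SF", "bytes=low"),
    rec("proto=tcp", "service=http", "flag=SF"),
    rec("proto=udp", "service=dns", "flag=SF"),
    rec("proto=udp", "service=dns", "flag=SF"),
    rec("proto=tcp", "service=smtp", "flag=SF"),
]
ABNORMAL_SET = [
    rec("proto=tcp", "service=http", "flag=S0"),
    rec("proto=tcp", "service=http", "flag=S0"),
    rec("proto=tcp", "service=private", "flag=S0"),
    rec("proto=tcp", "service=private", "flag=REJ"),
]
MIN_SUPPORT = 2  # absolute support threshold chosen for this toy data
NORMAL_PATTERNS = maximal_frequent_itemsets(NORMAL_SET, MIN_SUPPORT)
ABNORMAL_PATTERNS = maximal_frequent_itemsets(ABNORMAL_SET, MIN_SUPPORT)

# Constructed detection stream: a normal window, a window matching a learned
# abnormal pattern, and a window of traffic no normal pattern covers.
DETECTION_STREAM = (
    [rec("proto=tcp", "service=http", "flag=SF")] * 2
    + [rec("proto=udp", "service=dns", "flag=SF")] * 2
    + [rec("proto=tcp", "service=http", "flag=S0")] * 4
    + [rec("proto=icmp", "service=ecr_i", "flag=SF")] * 4
)

if __name__ == "__main__":
    print("normal patterns:", [sorted(p) for p in NORMAL_PATTERNS])
    print("abnormal patterns:", [sorted(p) for p in ABNORMAL_PATTERNS])
    print(classify_stream(DETECTION_STREAM, 4, NORMAL_PATTERNS, ABNORMAL_PATTERNS, MIN_SUPPORT))
```

With the constructed data the normal set yields the two maximal patterns `{proto=tcp, service=http, flag=SF}` and `{proto=udp, service=dns, flag=SF}`, the abnormal set yields `{proto=tcp, service=http, flag=S0}` and `{proto=tcp, service=private}`, and the three windows of the stream are classified `normal`, `misuse`, `anomaly` in that order. Working on maximal itemsets rather than all frequent itemsets is what keeps the pattern store and the per-window comparison small; the anomaly stage is the one that catches the `icmp` window, which no signature in the abnormal set would match.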
