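Abstract
Intrusion detection systems (IDS) have become the main direction of research and development for dynamic security tools. Anomaly detection and misuse detection are the two main techniques used in IDS. This paper combines the Markov chain used in anomaly detection with the pattern matching used in misuse detection, and adopts a grouping-and-exchange detection mechanism, which to some extent reduces the false positive and false negative rates of the IDS and improves the system's detection speed. The introduction of data mining techniques gives the system a capability for automation.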
At present, the Intrusion Detection System (IDS) has become the main research and development direction in dynamic security tools. Anomaly Detection and Misuse Detection are the two main techniques applied in IDS. This paper integrates the Markov chain applied in Anomaly Detection with the Pattern matching applied in Misuse Detection and adopts grouping and exchanging detection. To a certain extent they reduce the false positive rate and the false negative rate and improve the detection speed of IDS. And data mining...
Source
Automation & Instrumentation (《自动化与仪器仪表》)
2008, Issue 4, pp. 28-30, 36 (4 pages in total)
Keywords
Intrusion detection system (IDS)
Data mining
Markov chain
Pattern matching