摘要
入侵检测系统(IDS)的任务是监视计算机系统或网络中的事件,分析、反映隐藏的安全问题。基于数据挖掘的IDS由数据收集、数据挖掘、模式匹配及决策等模块组成。通过挖掘算法、关联规则、规则匹配等确定入侵。该系统可检测新型攻击和已知攻击的变种;自动处理数据,抽取有用成分;剔除重复攻击数据;自动提取肉眼难以发现的网络行为模式等。
The task of intrusion detection system (IDS) is to monitor event in computer system or network resources, and to analyze and possibly prevent hidden security problems. Data mining-based IDS are composed of data collection, data mining, mode match and module of making policy etc. The intrusion was confirmed through mining algorithm, association rule, rule match etc. The system can detect the new-type mutation that attacks and already knowing to be attacked, can automatically pre-process data and draw out useful component, eliminate repeat the repeated data of attacking, and Draw the network behavior mode that naked eye is difficult to find and wait automatically.
出处
《兵工自动化》
2004年第4期31-33,共3页
Ordnance Industry Automation
关键词
入侵检测
数据挖掘
关联规则
Intrusion detection
Data mining
Association rule
