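Abstract
For the detection engine of an intrusion detection system that uses multi-point detection with centralized decision-making, an implementation strategy for its base detection engine is proposed. The strategy applies the sliding-window technique to the data mining algorithm, greatly improving detection efficiency and detection accuracy. An improvement to the data mining algorithm Apriori is presented: the improved algorithm does not need to repeatedly search all items in the database, and when joining frequent (n-1)-predicate sets to generate candidate n-predicate sets it does not join items that have the same predicate, which again greatly reduces the number of items searched in the next pass and so forms a virtuous cycle. Test results show that the improved algorithm substantially improves efficiency and is better suited to mining network data.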
We discuss our research in developing the detection engine of an intrusion detection system. The key idea is to combine the sliding window with the data mining technique to design the base detection engine, which is the essential part of the meta detection engine. In addition, Apriori, a data mining algorithm, is improved for mining network data. The improved algorithm does not scan all items in the database and only links the items in the same list, so the detection efficiency is improved greatly. Other key details of the IDS are also put forward.
Source
Journal of Xidian University (《西安电子科技大学学报》)
EI
CAS
CSCD
PKU Core (北大核心)
2004, Issue 4, pp. 574-580 (7 pages)
Funding
National Natural Science Foundation of China (60132030, 69972034)
Keywords
intrusion detection system
data mining
network security