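Abstract
The Fuzzy Intrusion Recognition Engine is a network intrusion detection system that applies fuzzy theory to malicious activity on computer networks. This paper applies the fuzzy representation of knowledge, the fuzzy matching of features and fuzzy inference from fuzzy theory to intrusion detection, and proposes a new fuzzy intrusion recognition engine (IFIRE). Feature elements with fuzzy attributes are the smallest component; they are combined into fuzzy feature factors, fuzzy feature expressions and fuzzy feature trees to describe the body of knowledge about intrusion activity features that have fuzzy characteristics. Features are fuzzily matched by computing the similarity of feature factors. Finally, detection decisions are made by fuzzy inference based on production rules. The method can effectively reduce the false positive rate and the false negative rate.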
The Fuzzy Intrusion Recognition Engine (FIRE) is a network intrusion detection system that uses fuzzy systems to assess malicious activity against computer networks. This paper originally explores some fuzzy theories, including fuzzy knowledge expression, fuzzy matching and fuzzy inference, geared towards intrusion detection. The model of FIRE based on the above fuzzy theories is built and discussed in detail. The intrusion features are represented by fuzzy elements, fuzzy factors, fuzzy expressions and fuzzy trees. Fuzzy matching is carried out by calculating resemblance. Finally, decisions are made by fuzzy inference. These methods can effectively improve the false negative rate and false positive rate of IDS.
Source
《计算机科学》
CSCD
Peking University Core Journal
2004, No. 7, pp. 87-90 (4 pages)
Computer Science
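Funding
Applied Basic Research Fund of the Commission of Science, Technology and Industry for National Defense (No. J1300D004)
Natural Science Foundation of Jiangsu Province (No. BK2001055)
Young Academic Leaders Project-Based Advanced Study Program of Nantong City, Jiangsu Province (No. Z3008)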