Abstract
An intrusion detection system (IDS) is a network security technology that detects network intrusions and can actively protect itself from attack; it is a reasonable complement to the network firewall. This paper analyzes the general model of intrusion detection systems, introduces their classification, and presents traditional network detection techniques. On this basis, it discusses data mining (DM) techniques and their application in intrusion detection systems in detail, and proposes an intrusion detection model based on data mining that uses the classification algorithms and association rules of data mining. In practical testing, the model makes network intrusion detection more automated and improves detection efficiency and accuracy.
Source
Microcomputer Development (《微机发展》)
2005, Issue 2, pp. 47-49 (3 pages)
Keywords
intrusion detection system
data mining
classification
association rules