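Abstract
To address the shortcomings of existing intrusion detection systems, this paper proposes a layered network detection model based on the different ways in which intrusion and normal access patterns appear in network data and on the occurrence patterns of specific data packets. At each detection layer it recommends using a different data mining method in place of manual extraction of intrusion features, in order to increase detection speed and overcome the subjectivity of manual feature extraction. The data mining algorithms used are mainly association mining and data classification.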
To overcome the limitations of current IDSs, a layered model for intrusion detection systems is proposed, based on a study of the behavior of network traffic data. In this model, data mining techniques are introduced to extract intrusion characteristics in place of manual work, in order to speed up detection and avoid the subjectivity inherent in manual extraction. The data mining techniques adopted include association analysis, classification and so on.
Source
《重庆职业技术学院学报》
2005, No. 2, pp. 128-130 (3 pages in total)
Journal of Chongqing Vocational & Technical Institute
Keywords
data mining
intrusion detection
association mining
classifier
association analysis
classification