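Abstract
Focusing on how to refine and improve the detection rules of network intrusion detection systems, this paper analyzes the causes of missed detections and false detections in intrusion detection systems and builds a fuzzy rule learning model for network intrusion detection systems. The paper first proves the similarity relation of intrusion behaviors in a noisy environment. Taking the existing detection rules of the intrusion detection system as a basis, it creates weight-based fuzzy detection rules. It also proposes a feedback error learning algorithm, which is used to improve the fuzzy detection rules in order to achieve optimal recognition. The model can be conveniently applied to all kinds of rule-based intrusion detection systems.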
This paper analyzes the causes of false alarms and low detection rates in intrusion detection systems. From the angle of mending the imprecision of detection rules, it creates a fuzzy rule study model for network intrusion detection systems. It first proves the equivalence relation of intrusion actions in a noisy environment. Starting from the original rules of an existing intrusion detection system, it creates weight-based fuzzy detection rules. A feedback study algorithm is also proposed, with which the fuzzy detection rules are modified to obtain optimal recognition results. The model can be easily applied to all kinds of existing rule-based intrusion detection systems.
Source
《计算机工程》
EI
CAS
CSCD
Peking University Core Journal
2005, Issue 9, pp. 21-22, 154 (3 pages in total)
Computer Engineering
Funding
Project supported by the National "863" Program (2002AA142010)
Keywords
Intrusion detection
Fuzzy detection rule
Feedback study