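Abstract
To address the difficulty of building and expressing intrusion detection rules in rule-based and model-based intrusion detection expert systems, this paper exploits the low dependence of the Case-Based Reasoning (CBR) method on knowledge requirements and introduces it into the intrusion detection (ID) domain. It proposes the framework of a case-based reasoning intrusion detection correlation analysis (CBRIDRA) model, studies the system's functional modules, and discusses the solution ideas and implementation methods for its key techniques: attack case definition, attack case retrieval, attack case management, and the expert knowledge system.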
Rule-based and model-based Intrusion Detection Expert Systems (IDES) face difficulties in acquiring and representing knowledge. With a Case-Based Reasoning (CBR) approach, knowledge acquisition is basically capturing actual experiences of past cases. In this paper, a new framework and prototype based on case-based reasoning is proposed. We study the functional modules of CBRIDRA and discuss the solution ideas and implementation approaches for some critical techniques: defining attack cases, attack case retrieval, case management, and the expert knowledge system.
Source
《计算机工程与应用》
CSCD
Peking University Core Journals
2006, Issue 4, pp. 138-141 (4 pages)
Computer Engineering and Applications
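Funding
National Natural Science Foundation of China (Grant No. 60243001)
National 863 High-Tech Research and Development Program of China (Grant No. 2001AA140213)
National Science Fund for Distinguished Young Scholars (Grant No. 6970025)
Keywords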
network security
Case-Based Reasoning
intrusion detection