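Abstract
In existing Intrusion Detection Systems (IDS), an installed IDS often needs to be updated when new attack methods appear or the network environment changes, but updating the IDS signature database and adapting to the network environment is a time-consuming and slow process. Using data mining techniques, attack rules are extracted by learning from existing attack and normal-activity data, and these rules are then applied to misuse detection and anomaly detection. This gives the system high adaptability; rule and system updates are fast and inexpensive, and the detection rate is high. Experiments show that applying data mining to intrusion detection systems is feasible and effective.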
There is often a need to update an installed Intrusion Detection System (IDS) due to new attack methods or upgraded computing environments. Since many current IDSs are constructed by manual encoding of expert knowledge, changes to IDSs are expensive and slow. Data mining techniques, however, have a big advantage in discovering behavior features. In this model, features and rules are first extracted from the training data, and these rules are then used to detect new intrusions. By this means, updating the rules and the system becomes faster and cheaper. The detection rate is high, and the results prove that using data mining technology to build an Intrusion Detection System is feasible and effective.
Source
Science Technology and Engineering (《科学技术与工程》)
2006, Issue 6, pp. 763-767 (5 pages)
Keywords
data mining
intrusion detection
rule base
detection rate
false alarm rate
IDS
feature rules