
The Application of an Improved Temporal Algorithm of Association Rules to Intrusion Detection (cited by: 1)
Abstract: The performance of an intrusion detection system (IDS) depends to a large extent on its detection rules, so obtaining valid detection rules from network data quickly and effectively is especially important for an IDS. Building on an analysis of the drawbacks of the traditional association rule algorithm, this paper focuses on optimization strategies for the association rule mining algorithm and on the classified handling of temporal factors. Specifically, while the main attribute is used to constrain the final rules, a strategy is proposed in which high-frequency attributes are selected into the final rules directly, so that valid intrusion detection rules are obtained faster. Experimental results show that the optimized algorithm improves considerably in mining speed and in the detection rate of rules, finds some rules that were previously ignored, and eliminates some unimportant rules, which shows that the optimization is effective.
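Source: Journal of Xiamen University: Natural Science (indexed in CAS, CSCD, Peking University Core), 2006, No. 5, pp. 652-655 (4 pages)
Funding: Science and Technology Project of the Fujian Provincial Department of Education (Ja05290); Xiamen University Information "985" Phase II Innovation Platform Project
Keywords: intrusion detection; network security; temporal data; association rule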