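Abstract
Misuse-based intrusion detection and anomaly-based intrusion detection are two commonly used intrusion detection techniques. Most current intrusion detection systems have no ability to detect unknown intrusions, and are helpless even against minor variations of known intrusions. Although an artificial immune system can address this problem fairly well, it has a difficulty of its own: the self base is hard to build. As a data mining technique, a clustering algorithm can effectively link the two intrusion detection techniques, obtaining the initial input sets for the self and nonself bases from a large amount of collected real data, so that the artificial immune system better matches actual intrusions.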
Anomaly-based and signature-based intrusion detection systems (IDS) are two of the most common techniques. Most intrusion detection systems today lack the ability to detect unknown intrusions. Even a very slight variation from known intrusions will go undetected. Although an artificial immune system (AIS) can resolve this problem, it has difficulty establishing the self-base. As a data mining technique, a clustering algorithm can combine these two intrusion detection techniques and obtain the self/nonself-base by working on a large amount of practical data, making the AIS match real intrusions much better.
Source
《实验科学与技术》
2006, Issue 4, pp. 8-10, 17 (4 pages in total)
Experiment Science and Technology
Funding
Sichuan Province Science and Technology Development Funding Project (04JY029-017-1)
Keywords
artificial immune system
intrusion detection
clustering algorithm
data mining