Abstract
To address problems in intrusion detection systems such as data noise interference, response speed that struggles to keep pace with growing network speeds, constantly changing intrusion patterns, and incomplete discrimination knowledge bases, this paper proposes a network adaptive intrusion detection system model based on ontology mapping. In this model, data information and knowledge elements are trained to form an ontology knowledge base, while predictable and known feature data are mined to form a feature library. The data set under test undergoes ontology training, and its ontology is mapped against the ontology knowledge base; data sets whose similarity falls below the system security threshold are subjected to feature analysis with reference to the feature library. If the data corresponds to a user misuse operation, a suggestion is given; otherwise it is treated as anomalous data and an alarm is raised. After each detection run, the ontology library and the feature library are updated in real time. By combining fuzzy judgment through ontology mapping with specific analysis against the feature library, the model effectively improves detection efficiency and the early-warning rate.
Source
《湖南农业大学学报(自然科学版)》
CAS
CSCD
PKU Core
2010, Issue S1, pp. 90-92 (3 pages)
Journal of Hunan Agricultural University (Natural Sciences)
Keywords
intrusion detection
ontology
similarity
characteristic analysis