Abstract
Drawing on a study of network intrusion, this paper proposes a network intrusion detection model that combines ontology fuzzy mapping with feature analysis. Knowledge elements or data information sets are first trained to form an ontology knowledge base; the feature knowledge elements or data information sets of known intrusion patterns are then mined to form a feature library. When a data set is submitted for detection, its knowledge ontology is extracted and fuzzily mapped against the ontology elements in the ontology knowledge base. If the similarity falls within the system's safety threshold range, the data set is classed as normal. Otherwise it is placed in the data evaluation set and matched against the feature library; data information sets with a low matching degree are treated as abnormal data, and the user is prompted and an alarm is raised. After detection of the data set finishes, the ontology knowledge base and the feature library are updated in real time. Because the model builds its own ontology base by training on data information sets, it avoids interference from data noise and improves detection efficiency and the early-warning rate.
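Source
Computer Measurement & Control (《计算机测量与控制》)
CSCD
PKU Core Journal
2012, Issue 2, pp. 315-317, 320 (4 pages)
Funding
Supported by the Chunhui Program science fund of the Ministry of Education (S2008-1-63007)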
Keywords
network intrusion
ontology fuzzy mapping
feature analysis
detection
model