摘要
入侵检测技术是一种主动保护自己免受攻击的网络安全技术,入侵检测系统处于防火墙之后,在不影响网络性能情况下对网络活动进行实时监测。传统的入侵检测系统面对海量的信息数据,不能及时有效地分析处理这些数据,而数据挖掘技术的运用正好能够满足入侵检测系统的要求,合理的分析数据,有效处理数据。文章针对目前入侵检测系统中存在的一些问题,重点阐述了数据挖掘算法在异常检测和误用检测中的具体应用。对于异常检测,主要运用了分类算法;对于误用检测,主要运用了聚类算法、关联规则和孤立点等算法。最后根据基于数据挖掘的入侵检测系统的主要优点对目前数据挖掘算法在入侵检测中应用所面临的难点进行了分析,并设计了国内第一个数据挖掘混合技术的入侵检测算法实例。
With the rapid development of computer technology, the degree of further strengthening the sharing of network resource, the resource sharing, the problem of network security has attracted increasing attention, the intrusion detection technology is an active protection against the attack of network security technology, intrusion detection systems in the firewal. The traditional intrusion detection systems in the face of vast amounts of information and data analysis of these data, can not be timely and effective treatment, using the data mining technology is able to meet the requirements of the intrusion detection system, data analysis and reasonable, effective data processing. In this paper, explain the importance and necessity of intrusion detection,according to the domestic and international situation, mining technology and intrusion detection technology based on the data, in the light of some problems existing in current intrusion detection system, expounds the data mining algorithm in the practical application of anomaly detection and misuse detection.Final y, in accordance with the analysis of the difficulties the main advantages of intrusion detection system based on data mining is the application of data mining algorithms in the intrusion detection system, and point out the research direction in the future.
关键词
网络安全
入侵检测
数据挖掘
关联规则
聚类
network security
intrusion detection
data mining
association rules
clustering