Abstract
To address the high false alarm rate of signature-based network intrusion detection systems (NIDSs), this paper proposes a method that uses data mining to reduce the number of false alarms. The normal alarm pattern of a signature-based NIDS is first modelled, and a false alarm filter based on the Apriori-KNN algorithm is then applied to the alarm stream the NIDS continuously outputs; alarms judged to be genuine are passed on and processed, so that the overall false alarm rate of the intrusion detection system is reduced. Experiments on the DARPA data set and on real traffic show that the method effectively lowers the false alarm rate of the NIDS without changing its existing configuration.
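The abstract describes a two-stage filter: frequent patterns of known false alarms (mined with Apriori) form the "normal alarm" model, and a KNN vote over labelled history decides whether a new alarm fits that model. The following is an added illustration of that kind of pipeline written for this page; it is not the authors' code and does not reproduce the paper's exact algorithm. It assumes alarms are records of categorical fields (`sig`, `src_net`, `dst_port`, `proto`) and that an analyst-labelled history of past alarms is available; all alarm records below are constructed.

```python
"""Illustrative false-alarm filter: Apriori normal-pattern model + KNN vote.
Added example, not the paper's implementation. Field names and the
analyst labels are assumptions made for this demonstration."""
from collections import Counter
from itertools import combinations

# Constructed, analyst-labelled alarm history. is_false=True marks alarms
# that were reviewed and found to be benign noise (e.g. internal monitoring).
HISTORY = [
    ({"sig": "ICMP PING", "src_net": "10.0.0.0/8", "dst_port": "0", "proto": "icmp"}, True),
    ({"sig": "ICMP PING", "src_net": "10.0.0.0/8", "dst_port": "0", "proto": "icmp"}, True),
    ({"sig": "ICMP PING", "src_net": "10.0.0.0/8", "dst_port": "0", "proto": "icmp"}, True),
    ({"sig": "SNMP request", "src_net": "10.0.0.0/8", "dst_port": "161", "proto": "udp"}, True),
    ({"sig": "SNMP request", "src_net": "10.0.0.0/8", "dst_port": "161", "proto": "udp"}, True),
    ({"sig": "SNMP request", "src_net": "10.0.0.0/8", "dst_port": "161", "proto": "udp"}, True),
    ({"sig": "WEB-ATTACK cmd exec", "src_net": "0.0.0.0/0", "dst_port": "80", "proto": "tcp"}, False),
    ({"sig": "WEB-ATTACK cmd exec", "src_net": "0.0.0.0/0", "dst_port": "80", "proto": "tcp"}, False),
    ({"sig": "SHELLCODE x86 NOOP", "src_net": "0.0.0.0/0", "dst_port": "445", "proto": "tcp"}, False),
]


def items(alarm):
    """Turn an alarm record into a transaction of 'field=value' items."""
    return frozenset(f"{k}={v}" for k, v in alarm.items())


def apriori(transactions, min_support):
    """Classic Apriori: grow frequent itemsets level by level, pruning any
    candidate with an infrequent subset. Returns {itemset: support}."""
    n = len(transactions)
    frequent = {}
    level = {frozenset([i]) for t in transactions for i in t}
    k = 1
    while level:
        counts = Counter()
        for t in transactions:
            for cand in level:
                if cand <= t:
                    counts[cand] += 1
        current = {c: cnt / n for c, cnt in counts.items() if cnt / n >= min_support}
        frequent.update(current)
        # Join step: pairs of frequent k-sets whose union has k+1 items,
        # kept only if every k-subset of the union is itself frequent.
        level = set()
        for a, b in combinations(list(current), 2):
            u = a | b
            if len(u) == k + 1 and all(frozenset(s) in current for s in combinations(u, k)):
                level.add(u)
        k += 1
    return frequent


def build_normal_patterns(history, min_support=0.3):
    """Model of 'normal' (benign) alarms: maximal frequent itemsets mined
    from the alarms the analyst marked as false."""
    false_txns = [items(a) for a, is_false in history if is_false]
    freq = apriori(false_txns, min_support)
    return [s for s in freq if not any(s < other for other in freq)]


def distance(a, b):
    """Hamming distance over the fields of alarm a."""
    return sum(1 for k in a if a[k] != b.get(k))


def knn_false_vote(alarm, history, k=3):
    """Majority vote of the k nearest labelled alarms: True if mostly false alarms."""
    nearest = sorted(history, key=lambda h: distance(alarm, h[0]))[:k]
    return sum(1 for _, is_false in nearest if is_false) > k // 2


def classify(alarm, patterns, history, k=3):
    """'filter' only when the alarm both matches a learned normal pattern AND
    its nearest labelled neighbours are mostly false alarms; otherwise 'forward'.
    Requiring both keeps a novel source or signature from being dropped silently."""
    it = items(alarm)
    if any(p <= it for p in patterns) and knn_false_vote(alarm, history, k):
        return "filter"
    return "forward"


def filter_alarms(alarms, patterns, history):
    """Return the alarms that should reach the analyst."""
    return [a for a in alarms if classify(a, patterns, history) == "forward"]


NORMAL_PATTERNS = build_normal_patterns(HISTORY)

if __name__ == "__main__":
    incoming = [  # constructed live alarms
        {"sig": "ICMP PING", "src_net": "10.0.0.0/8", "dst_port": "0", "proto": "icmp"},
        {"sig": "ICMP PING", "src_net": "0.0.0.0/0", "dst_port": "0", "proto": "icmp"},
        {"sig": "SNMP request", "src_net": "10.0.0.0/8", "dst_port": "161", "proto": "udp"},
        {"sig": "WEB-ATTACK cmd exec", "src_net": "0.0.0.0/0", "dst_port": "80", "proto": "tcp"},
    ]
    for a in incoming:
        print(classify(a, NORMAL_PATTERNS, HISTORY), a["sig"], a["src_net"])
```

The point of combining the two stages is visible in the second incoming alarm: an ICMP ping from an external network shares the signature with the learned benign pattern but not the source network, so it fails the pattern match and is forwarded rather than suppressed. Tuning `min_support` and `k` against a labelled sample is where an operator would spend their effort when adapting such a filter to a real sensor.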
Authors
翟继强
马文亭
肖亚军
ZHAI Ji-qiang;MA Wen-ting;XIAO Ya-jun(College of Computer Science and Technology,Harbin University of Science and Technology,Harbin 150080,China)
Source
《小型微型计算机系统》
Indexed in CSCD
Peking University Core Journal
2018, No. 12, pp. 2632-2635 (4 pages)
Journal of Chinese Computer Systems
Funding
Supported by the Natural Science Foundation of Heilongjiang Province (F2016024)
Supported by the General Science and Technology Project of the Heilongjiang Provincial Department of Education (12531121)