Abstract
Misuse detection is the main technique used in intrusion detection systems because of its high detection rate and low false alarm rate. Attack patterns are the basis for judging whether network behavior is an attack or normal behavior, so acquiring attack patterns is one of the current research hotspots in misuse detection. Based on the idea that intrusion behavior and normal behavior have different data characteristics, so that intrusion behavior data can be regarded as abnormal data, this paper proposes an outlier mining algorithm based on maximum frequent item sets to generate attack pattern rules. The proposed method is evaluated on the KDD CUP 99 dataset and compared with other algorithms; the results show that it is significantly superior to the other algorithms in detection rate and false positive rate.
Authors
SUN Zhongkui (孙中魁); SHEN Limin (申利民); CHEN Lei (陈磊)
Affiliations: Yanshan University, Qinhuangdao, Hebei 066000, China; Qinggong College, North China University of Science and Technology, Tangshan, Hebei 063000, China; North China University of Science and Technology, Tangshan, Hebei 063000, China
Source
Automation & Instrumentation (《自动化与仪器仪表》)
2020, No. 6, pp. 107-111 (5 pages)
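Funding
National Natural Science Foundation of China (No. 61772450)
Hebei Provincial Department of Science and Technology Program (No. 15210706)
Natural Science Foundation of Hebei Province (No. F2017203307)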
Keywords
misuse detection
outlier mining
attack patterns