摘要
入侵检测是通过收集系统内外部用户活动行为数据,在数据分析基础上准确识别异常行为的一种技术。基于数据挖掘的入侵检测系统,除了超前识别入侵行为外,还能提供针对性的防控措施,切实保障系统运行安全和用户隐私安全。本文首先介绍了几种常见的计算机入侵检测数据挖掘模型,如基于流量异常的入侵检测模型、基于协议滥用的入侵检测模型、基于混合算法的入侵检测模型等。随后通过构建入侵检测实验原型系统,在此基础上进行了用户异常行为检测的实验验证。结果表明,基于数据挖掘的入侵检测原型系统,在检测准确性、降低误报和漏报方面均有良好表现,达到了理想的保护效果。
Intrusion detection is a technology that accurately identifies abnormal behaviors on the basis of data analysis by collecting user activity behavior data inside and outside the system.The intrusion detection system based on data mining can not only identify intrusion behaviors in advance,but also provide targeted prevention and control measures to effectively ensure the security of system operation and user privacy.This paper firstly introduces several common computer intrusion detection data mining models,such as intrusion detection model based on traffic anomaly,intrusion detection model based on protocol abuse,intrusion detection model based on hybrid algorithm and so on.Then through the construction of the intrusion detection experimental prototype system,the experimental verification of user abnormal behavior detection is carried out on this basis.The results show that the intrusion detection prototype system based on data mining has a good performance in detection accuracy,reducing false positives and false negatives,and achieves an ideal protection effect.
作者
齐智江
Qi Zhijiang(Heilongjiang Preschool Education College,Mudanjiang 157011,China)
出处
《科学技术创新》
2022年第7期69-72,共4页
Scientific and Technological Innovation
关键词
入侵检测
数据挖掘
混合算法
数据预处理
Intrusion detection
Data mining
Hybrid algorithm
Data preprocessing
