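Abstract
This paper addresses the event analysis engine, the core component of an intrusion detection system. Building on an analysis of various event analysis techniques, it designs an event analysis engine based on rule-classification decisions, in which the decision model is obtained by inductive learning. The classification model and algorithm of this IDS are analyzed, experiments are carried out on the DARPA intrusion detection data, and several useful conclusions are drawn. The experimental results show that the event analysis engine has a very high detection probability and a very low false-alarm probability.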
This paper first analyzes several kinds of event analysis technology and then designs an event analyzer based on rule classification, which obtains its rule set by inductive learning. It also analyzes the system model and the algorithm, and carries out some useful experiments using DARPA data. The results show that this event analyzer achieves very high performance. Some useful conclusions are also drawn at the end of the paper.
Source
《计算机工程与应用》
CSCD
Peking University Core Journal (北大核心)
2003, Issue 7, pp. 1-3, 35 (4 pages in total)
Computer Engineering and Applications
Funding
Supported by the National 863 High-Tech Research and Development Program (No. 863-2-5-3-5)