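Abstract
Data mining for intrusion detection is currently one of the most advanced research directions internationally in network security, databases, and information decision-making. When mining sequential patterns for intrusion detection, frequent network patterns and frequent system activity patterns can only be obtained from a single audit data stream of the network or the operating system, so the traditional algorithms that extract a single sequential pattern from event stream data, as well as the algorithms that extract multiple sequential patterns from multiple different data sequences, are no longer applicable. This paper studies the characteristics of intrusion data, proposes a framework for sequential pattern mining in network intrusion detection and a real-time sequential pattern mining model, and designs a new intrusion-detection-oriented sequential pattern mining algorithm, SPM-ID (Sequential Patterns Mining for Intrusion Detection), based on axis attributes, reference attributes, and relative support. Finally, the algorithm is implemented on the KDD Cup99 data set and its performance is analyzed.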
One of the most advanced research problems in network security, databases and information decision-making is data mining for intrusion detection. Since, in sequential pattern mining for IDS, frequent network patterns and system activity patterns are obtained from the operating system and a single audit stream, the old sequential pattern mining algorithms, which include mining a single pattern from an event stream and mining patterns from data sequences, are not suited to intrusion detection. We put forward a framework and a real-time mining model for sequential pattern mining in IDS, and we design a new algorithm for intrusion detection based on axis attributes, reference attributes and relative support, named SPM-ID (Sequential Patterns Mining for Intrusion Detection). Finally, we implement SPM-ID on the KDD Cup99 data set.
Source
《计算机科学》 (Computer Science)
CSCD
PKU Core Journal
2004, Issue 3, pp. 75-79 (5 pages)
Funding
National Natural Science Foundation of China (60273075)
Keywords
Network security
Intrusion detection system
Sequential patterns
Data mining
Computer networks
Intrusion detection, Sequential patterns, Axis attribute(s), Reference attribute(s), Relative support