Similar literature
Found 20 similar documents; search took 118 ms
1.
周健祥  王兴芬 《计算机应用》2003,23(Z2):122-124
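The knowledge base is a key part of an intrusion detection system (IDS); it directly affects the system's efficiency, accuracy and speed. This paper proposes an intrusion detection system with a multi-level knowledge base, which effectively improves the detection efficiency of the original IDS, and illustrates with an example how to build the knowledge base by extracting feature values through protocol analysis.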

2.
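The detection performance of an intrusion detection system depends largely on updates to its rule base. The increasingly severe state of network security places higher demands on rule extraction for intrusion detection systems. The paper proposes applying association rule algorithms to updating the rule base of an intrusion detection system, describes the traditional association rule algorithm, and improves it for use in intrusion detection systems. Taking Snort as an example, it describes in detail the process of mining a network data set with the improved association rule algorithm and then converting the results into intrusion detection rules, and demonstrates by experiment the feasibility of building an intrusion detection rule base with association rules.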

3.
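This paper discusses the advantages of applying data mining to intrusion detection. Addressing the intelligent handling of knowledge base updates, and building on an analysis of association rule algorithms, it proposes an intrusion detection model based on data mining. The model can effectively detect new attack types and update the knowledge base automatically, thereby improving the efficiency of intrusion detection.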

4.
梁碧允 《现代计算机》2007,(7):96-98,104
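Proposes an object-oriented attack knowledge representation model (OOAK) that accurately describes potential complex attacks and multi-step combined attacks. The attack knowledge base of a network intrusion detection system (NIDS) is architected on the basis of OOAK, with a rule base and a method base at its core and incorporating the design idea of a hierarchical knowledge base; an event processing engine dispatches the rule base and method base within the knowledge base and coordinates communication between the knowledge base and the database.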

5.
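With the rapid development of the Internet, network security is receiving more and more attention; traditional encryption and firewall technology can no longer meet the need, and intrusion detection technology emerged as a result. Although intrusion detection systems (IDS) have been developed for more than 20 years, many problems remain to be solved. Based on the characteristics of intrusion detection systems, this paper proposes a knowledge base system architecture based on XML knowledge representation. It uses XML to represent knowledge and focuses on how the rules and related knowledge in an intrusion detection system can be described in XML.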

6.
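To improve the efficiency of intrusion detection systems, data mining is applied to network intrusion detection. This paper implements an intrusion detection system based on data mining that analyzes data using layered classification and association rules. In system testing, it is able to classify the normal and abnormal classes, generate intrusion detection rules through association rule analysis, and raise alerts on intrusive behavior by rule evaluation.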

7.
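This paper introduces the basic concepts of intrusion detection systems and analyzes the application of data mining in them. It mainly studies the application of the k-means clustering algorithm to intrusion rule matching and points out the algorithm's shortcomings. By improving the traditional k-means algorithm, it solves the problems inherent in clustering algorithms of being unable to know the optimal number of clusters in advance and of overly fine classification, and improves the system's rule matching efficiency.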

8.
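Network intrusion detection systems currently involve a large number of fuzzy problems. Through an analysis of the Triple I algorithm, the paper proposes a Triple I algorithm based on the RM implication operator and, for the FMP (fuzzy modus ponens) problem, uses this algorithm to study the solutions for the multidimensional, multiple case and for multidimensional, multiple rules. In studying intrusion detection systems, the algorithm is combined with a feature knowledge base to extract intrusion behavior rules; a general model of fuzzy inference for intrusion behavior detection is abstracted, a description of the algorithm based on this model is given, and the algorithm's performance is analyzed. The fuzzy inference applied in the algorithm is the Triple I algorithm based on the RM operator.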

9.
A Fuzzy Rule Learning Model for Network Intrusion Detection Systems   Total citations: 1, self-citations: 0, citations by others: 1
许舟军  孙济洲  岳兵  于立 《计算机工程》2005,31(9):21-22,154
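Focusing on how to refine and improve the detection rules of network intrusion detection systems, the paper analyzes the causes of missed detections and misidentifications in intrusion detection systems and builds a fuzzy rule learning model for network intrusion detection systems. It first proves the similarity relation of intrusive behavior in a noisy environment. Then, taking the intrusion detection system's original detection rules as a basis, it creates weight-based fuzzy detection rules. It also proposes a feedback error learning algorithm for improving the fuzzy detection rules so as to reach optimal recognition. The model can easily be applied to various rule-based intrusion detection systems.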

10.
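An intrusion detection system is a network security technology that detects network intrusions and can actively protect itself from attack; it is a reasonable complement to the network firewall. The paper analyzes the general model of intrusion detection systems, introduces their classification, and presents traditional network detection techniques. On this basis, it discusses in detail data mining and its application in intrusion detection systems and proposes an intrusion detection model based on data mining that uses classification algorithms and association rules. In practical tests, the model makes network intrusion detection more automated and improves detection efficiency and accuracy.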

11.
This paper describes the architecture of a failure diagnosis system, as used in automatic testing, automatic imaging inspection, and specific failure detection tasks in electronics. A new knowledge representation scheme is also given, in relation to hybrid pattern recognition rules. Current work on building a knowledge base of diagnostic metarules is mentioned.

12.
Expert System Hardware for Fault Detection   Total citations: 1, self-citations: 0, citations by others: 1
This paper focuses upon the development of three new electronic architectures of inference engines as a part of a hardware expert system applied to very high-speed fault detection in industrial processes. The architecture of this expert system consists of an inference engine (a dedicated processor that is necessary due to the high-speed requirements and the repetitiveness of the operation), which uses a pattern-directed inference system; a fact base, which stores the status of the signals at each moment; and a static knowledge base, which contains the inference rules compiled from expert knowledge. A circuit for analyzing time is also presented. This allows time to be taken as another variable of the process and carries out a redundancy analysis simultaneously with the fault detection module.

13.
The semantic network array processor (SNAP), a highly parallel architecture targeted to artificial intelligence applications, and in particular natural language understanding, is presented. The knowledge is represented in the form of a semantic network. The knowledge base is distributed among the elements of the SNAP array, and the processing is performed locally where the knowledge is stored. A set of powerful instructions specific to knowledge processing is implemented directly in hardware. SNAP is packaged into 256 custom-designed chips assembled on four printed circuit boards and can store a 16 K node semantic network. SNAP is a marker propagation architecture in which the movement of markers between cells is controlled by propagation rules. Various reasoning mechanisms are implemented with these marker propagation rules.

14.
An Object-Oriented Fuzzy Knowledge Base Model   Total citations: 5, self-citations: 0, citations by others: 5
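This paper presents a structural model of a fuzzy knowledge base for expert systems. It focuses on the model's architecture and on a method of representing fuzzy rules with object-oriented techniques. It also introduces techniques for analyzing and designing the fuzzy knowledge base with object-oriented methods and a method for persisting the fuzzy knowledge base using object-oriented serialization. Finally, it analyzes the advantages of building fuzzy knowledge bases with object-oriented techniques.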

15.
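Design of the Knowledge Base of a Cotton Spinning Process Expert System Based on Combined Frames and Rules   Total citations: 3, self-citations: 0, citations by others: 3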
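This paper discusses a cotton spinning process expert system and its knowledge representation methods. After introducing the architecture of the cotton spinning process expert system, it focuses on the specific method of representing cotton spinning domain knowledge with frames, the frame structure, and the use of a frame-rule form to represent inference rules and principles. It also briefly describes the system's case-based reasoning process.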

16.
Building knowledge base management systems   Total citations: 1, self-citations: 0, citations by others: 1
Advanced applications in fields such as CAD, software engineering, real-time process control, corporate repositories and digital libraries require the construction, efficient access and management of large, shared knowledge bases. Such knowledge bases cannot be built using existing tools such as expert system shells, because these do not scale up, nor can they be built in terms of existing database technology, because such technology does not support the rich representational structure and inference mechanisms required for knowledge-based systems. This paper proposes a generic architecture for a knowledge base management system intended for such applications. The architecture assumes an object-oriented knowledge representation language with an assertional sublanguage used to express constraints and rules. It also provides for general-purpose deductive inference and special-purpose temporal reasoning. Results reported in the paper address several knowledge base management issues. For storage management, a new method is proposed for generating a logical schema for a given knowledge base. Query processing algorithms are offered for semantic and physical query optimization, along with an enhanced cost model for query cost estimation. On concurrency control, the paper describes a novel concurrency control policy which takes advantage of knowledge base structure and is shown to outperform two-phase locking for highly structured knowledge bases and update-intensive transactions. Finally, algorithms for compilation and efficient processing of constraints and rules during knowledge base operations are described. The paper describes original results, including novel data structures and algorithms, as well as preliminary performance evaluation data. Based on these results, we conclude that knowledge base management systems which can accommodate large knowledge bases are feasible. Edited by Gunter Schlageter and H.-J. Schek. 
Received May 19, 1994 / Revised May 26, 1995 / Accepted September 18, 1995

17.
Traditionally, rule-based forward-chaining systems are considered to be standalone, working on a volatile memory. This paper focuses on the integration of forward-chaining rules with command-driven programming paradigms in the context of permanent, integrated knowledge bases. A system architecture is proposed that integrates the data management functions of large computerized knowledge bases into a module called a knowledge base management system (KBMS). Experiences we had in integrating rules with operations into a prototype KBMS called DALI are surveyed. For this integration, a new form of production rule, called the activation pattern controlled rule, is introduced, which augments traditional forward-chaining rules by a second, additional left-hand side, which allows making rules sensitive to calls of particular operations. Activation pattern controlled rules play an important role in DALI's system architecture, because they facilitate the storage of knowledge that has been specified relying on mixed programming, a combination of data-driven, command-driven, and preventive programming. The general problems of implementing permanent knowledge bases that contain rules and operations are discussed, and an algorithm for implementing activation pattern controlled rules, called IPTREAT, a generalization of the TREAT algorithm, is provided. Furthermore, the paper intends to clarify the differences between traditional, volatile rule-based systems and rule-based systems that are geared toward knowledge integration by supporting a permanent knowledge base. This paper is an extended and significantly revised version of a paper entitled Integrating Rules into a Knowledge Base Management System, which was presented at the First International Conference on Systems Integration, April 1990 [1].

18.
Design of an Expert System for Cotton Spinning Quality Control   Total citations: 1, self-citations: 0, citations by others: 1
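The paper mainly studies the architecture of an expert system for cotton spinning quality control, the strategy for representing cotton spinning quality control knowledge, and the design of the knowledge base. Designing the knowledge base is the most important work in the design of this system and covers two parts, the basic database and the rule base. One of the core contents of the knowledge base is the basic database, which stores descriptions of quality problems, their causes, and methods of prevention and handling. The rule base consists of three bases: the quality problem base, the factors influencing quality problems, and the measures for handling quality problems. The knowledge base is designed by first abstracting cotton spinning quality control knowledge into concepts, facts and rules and then storing this knowledge in a relational database. On this basis, an expert system based on production rules is built. The system relies mainly on rule-based, data- and information-driven forward reasoning, supplemented by a goal-driven control strategy, and the algorithm is depth-first. The sound knowledge base design and effective reasoning method give the system good results.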

19.
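The detection knowledge of existing NIDSs is generally written by hand, which is difficult and labor-intensive. Data mining is applied to network intrusion detection, and a model of a network intrusion detection system based on data mining is built on top of Snort. The focus is on the design and implementation of an anomaly detection engine and a cluster analysis module based on the K-Means algorithm, and of an association analyzer based on the Apriori algorithm. Experimental results show that the cluster analysis module can automatically build a model of normal network behavior and use it for anomaly detection, and that the association analyzer can automatically mine new intrusion detection rules.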

20.
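Based on the requirements that the evaluation elements of operational plans place on an evaluation system, a functional requirements analysis of the system was carried out, and the overall architecture of an operational plan evaluation system was designed from that analysis. The evaluation system's knowledge base was built with object-oriented knowledge representation, the system's inference engine was designed on a rule-based reasoning method, and the explanation mechanism of the explanation subsystem is given. The system can evaluate operational plans using the experience of military experts and military decision rules, reducing the influence of human subjective factors on the evaluation result while increasing the credibility of the evaluation conclusions.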
