| 基于数据挖掘的Snort系统改进模型 |
| |
| 引用本文: | 张亚玲,康立锦. 基于数据挖掘的Snort系统改进模型[J]. 计算机应用, 2009, 29(2): 409-411 |
| |
| 作者姓名: | 张亚玲 康立锦 |
| |
| 作者单位: | 西安理工大学,计算机科学与工程学院,西安,710048 |
| |
| 基金项目: | 教育部科学技术研究重点项目,陕西省自然科学基金 |
| |
| 摘 要: | 针对Snort系统对新的入侵行为无能为力的缺点,设计了一种基于数据挖掘理论的Snort网络入侵检测系统的改进模型。该模型在Snort入侵检测系统的基础上增加了正常行为模式挖掘模块、异常检测引擎模块和新规则生成模块,使得系统具有从新的入侵行为中学习新规则和从正常数据中学习正常行为模式的双重能力。实验结果表明,新模型不仅能够有效地检测到新的入侵行为,降低了Snort系统的漏报率,而且提高了系统的检测效率。
|
| 关 键 词: | 入侵检测 Snort 数据挖掘 规则学习 |
| 收稿时间: | 2008-08-03 |
| 修稿时间: | 2008-09-23 |
An improved model of Snort system based on data mining |
| |
| ZHANG Ya-ling,KANG Li-jin. An improved model of Snort system based on data mining[J]. Journal of Computer Applications, 2009, 29(2): 409-411 |
| |
| Authors: | ZHANG Ya-ling KANG Li-jin |
| |
| Affiliation: | ZHANG Ya-ling,KANG Li-jin School of Computer Science , Engineering,Xi'an University of Technology,Xi'an Shaanxi 710048,China |
| |
| Abstract: | An improved model of the Snort network intrusion detection system based on the theory of data mining was proposed, regarding the problem that Snort is powerless to new types of intrusion. In the new model, normal behavior patterns mining module, anomaly detection engine module and new rules generating module were added to the Snort system. By these improvements the system has double capacity of learning rules from new intrusions and learning normal behavior patterns from normal data. The test result shows that new types of intrusion can be detected effectively, the false negative of Snort can be reduced, and the detection efficiency of the system has been enhanced. |
| |
| Keywords: | intrusion detection Snort data mining rule learning |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机应用》浏览原始摘要信息 |
|
点击此处可从《计算机应用》下载全文 |
