模糊数据挖掘和遗传算法在入侵检测中的应用

论述了数据挖掘和遗传算法在入侵检测中的应用，详细描述了模糊关联规则和模糊频繁序列挖掘，并进一步介绍了如何采用遗传算法优化模糊集合隶属函数，从而达到改善入侵检测系统性能的目的。     

Intrusion detection by integrating boosting genetic fuzzy classifier and data mining criteria for rule pre-screening

The purpose of the work described in this paper is to provide an intelligent intrusion detection system (IIDS) that uses two of the most popular data mining tasks, namely classification and association rules mining together for predicting different behaviors in networked computers. To achieve this, we propose a method based on iterative rule learning using a fuzzy rule-based genetic classifier. Our approach is mainly composed of two phases. First, a large number of candidate rules are generated for each class using fuzzy association rules mining, and they are pre-screened using two rule evaluation criteria in order to reduce the fuzzy rule search space. Candidate rules obtained after pre-screening are used in genetic fuzzy classifier to generate rules for the classes specified in IIDS: namely Normal, PRB-probe, DOS-denial of service, U2R-user to root and R2L-remote to local. During the next stage, boosting genetic algorithm is employed for each class to find its fuzzy rules required to classify data each time a fuzzy rule is extracted and included in the system. Boosting mechanism evaluates the weight of each data item to help the rule extraction mechanism focus more on data having relatively more weight, i.e., uncovered less by the rules extracted until the current iteration. Each extracted fuzzy rule is assigned a weight. Weighted fuzzy rules in each class are aggregated to find the vote of each class label for each data item.     

基于改进多层次模糊关联规则的定量数据挖掘算法

针对单一层次结构实现规则提取具有规则提取准确性不高、算法运行时间长、难以满足用户使用需求的问题,提出一种基于改进多层次模糊关联规则的定量数据挖掘算法。采用高频项目集合,通过不断深化迭代的方法形成自顶向下的挖掘过程,整合模糊集合理论、数据挖掘算法以及多层次分类技术,从事务数据集中寻找模糊关联规则,挖掘出储存在多层次结构事务数据库中定量值信息的隐含知识,实现用户的定制化信息挖掘需求。实验结果表明,提出的数据挖掘算法在挖掘精度和运算时间方面相较于其他算法具有突出优势,可为多层次关联规则提取方法的实际应用带来新的发展空间。     

Incremental fuzzy temporal association rule mining using fuzzy grid table

Traditional temporal association rules mining algorithms cannot dynamically update the temporal association rules within the valid time interval with increasing data. In this paper, a new algorithm called incremental fuzzy temporal association rule mining using fuzzy grid table (IFTARMFGT) is proposed by combining the advantages of boolean matrix with incremental mining. First, multivariate time series data are transformed into discrete fuzzy values that contain the time intervals and fuzzy membership. Second, in order to improve the mining efficiency, the concept of boolean matrices was introduced into the fuzzy membership to generate a fuzzy grid table to mine the frequent itemsets. Finally, in view of the Fast UPdate (FUP) algorithm, fuzzy temporal association rules are incrementally mined and updated without repeatedly scanning the original database by considering the lifespan of each item and inheriting the information from previous mining results. The experiments show that our algorithm provides better efficiency and interpretability in mining temporal association rules than other algorithms.

     

基于模糊关联规则挖掘的模糊入侵检测

论文把模糊关联规则挖掘算法引入到网络的入侵检测,利用该算法从网络数据集中提取出具有较高可信性和完备性的模糊规则,并利用这些规则设计和实现用于入侵检测的模糊分类器。同时,针对模糊关联规则挖掘算法,利用K-means聚类算法建立属性的模糊集和模糊隶属函数,并提出了一种双置信度算法以增加模糊规则的有效性和完备性。最后,给出了详实的实验过程和结果,以此来验证提出的模糊入侵检测方法的有效性。     

入侵检测中的模糊数据挖掘技术

本文论述了模糊数据挖掘技术在入侵检测中的应用，详细描述了利用审计数据挖掘模糊相联规则的算法，给出了相联规则集合相似度的函数，最后给出了利用它进行异常检测的简单的试验结果，结果表明利用模糊数据挖掘可以识别系统的异常行为。     

Mining fuzzy association rules from low-quality data

Data mining is most commonly used in attempts to induce association rules from databases which can help decision-makers easily analyze the data and make good decisions regarding the domains concerned. Different studies have proposed methods for mining association rules from databases with crisp values. However, the data in many real-world applications have a certain degree of imprecision. In this paper we address this problem, and propose a new data-mining algorithm for extracting interesting knowledge from databases with imprecise data. The proposed algorithm integrates imprecise data concepts and the fuzzy apriori mining algorithm to find interesting fuzzy association rules in given databases. Experiments for diagnosing dyslexia in early childhood were made to verify the performance of the proposed algorithm.     

一种基于数据挖掘的分布式入侵检测系统

将数据挖掘技术应用到分布式入侵检测系统中,提出了基于数据挖掘的分布式入侵规则生成算法,能够有效地从海量审计数据中发现规则,生成异常检测模型,最终有效地检测分布式入侵。     

关系数据库中的模糊关联规则挖掘算法研究

关联是数据挖掘领域的一个重要研究课题。对模糊关联规则挖掘进行了研究,针对普通关联规则不能精确表达数据库中模糊信息关联性的问题,提出了一种新的模糊关联规则挖掘算法FARM_New,结果表明算法是有效的,提高了模糊挖掘的速度。     

A GA-based Fuzzy Mining Approach to Achieve a Trade-off Between Number of Rules and Suitability of Membership Functions

Data mining is most commonly used in attempts to induce association rules from transaction data. Transactions in real-world applications, however, usually consist of quantitative values. This paper thus proposes a fuzzy data-mining algorithm for extracting both association rules and membership functions from quantitative transactions. We present a GA-based framework for finding membership functions suitable for mining problems and then use the final best set of membership functions to mine fuzzy association rules. The fitness of each chromosome is evaluated by the number of large 1-itemsets generated from part of the previously proposed fuzzy mining algorithm and by the suitability of the membership functions. Experimental results also show the effectiveness of the framework.     

Mining fuzzy association rules for classification problems

The effective development of data mining techniques for the discovery of knowledge from training samples for classification problems in industrial engineering is necessary in applications, such as group technology. This paper proposes a learning algorithm, which can be viewed as a knowledge acquisition tool, to effectively discover fuzzy association rules for classification problems. The consequence part of each rule is one class label. The proposed learning algorithm consists of two phases: one to generate large fuzzy grids from training samples by fuzzy partitioning in each attribute, and the other to generate fuzzy association rules for classification problems by large fuzzy grids. The proposed learning algorithm is implemented by scanning training samples stored in a database only once and applying a sequence of Boolean operations to generate fuzzy grids and fuzzy rules; therefore, it can be easily extended to discover other types of fuzzy association rules. The simulation results from the iris data demonstrate that the proposed learning algorithm can effectively derive fuzzy association rules for classification problems.     

基于数据挖掘的网络异常行为检测技术设计与实现

既有的基于数据挖掘技术的入侵检测将研究重点放在误用检测上。提出了基于数据挖掘技术的网络异常检测方案，并详细分析了核心模块的实现。首先使用静态关联规则挖掘算法和领域层面挖掘算法刻画系统的网络正常活动简档，然后通过动态关联规则挖掘算法和领域层面挖掘算法输出表征对系统攻击行为的可疑规则集，这些规则集结合从特征选择模块中提取网络行为特征作为分类器的输入，以进一步降低误报率。在由DAR-AP1998入侵检测评估数据集上的实验证明了该方法的有效性。最后，对数据挖掘技术在入侵检测领域中的既有研究工作做了，总结。     

基于改进的Apriori算法的入侵检测系统研究

针对动态安全模型理论P2DR,本文在入侵检测技术中应用了关联规则数据挖掘算法,并适当改进了Apriori算法。该算法对关联规则进行强有力的压缩,减少了结果集中规则的数目。实验结果表明,改进的算法能够有效压缩关联规则数目,提高算法效率,适用于网络数据挖掘,并能有效地减少入侵检测技术中的误报率和漏报率。     

基于遗传优化与模糊规则挖掘的异常入侵检测

提出一种基于智能体进化计算框架与遗传模糊规则挖掘的异常入侵检测方法.通过应用模糊集分布策略、解释性的控制策略和模糊规则生成策略,实现了Agent之间的模糊集信息交换,从而有效地从网络数据中抽取正确的、可解释的模糊IF-THEN分类规则,优化了模糊系统的可解释性,并提高了系统的紧凑性.采用KDD-Cup99数据集进行测试,并与现有方法进行了比较,结果表明该方法对R2L的攻击检测性能稍弱,对DoS、Probe和U2R的攻击均具有较高的分类精度与较低的误报率.     

计算机数据库入侵检测技术探析

根据入侵检测系统和数据挖掘技术的特征,提出一种运用数据挖掘技术的入侵检测系统。它的架构包括数据采集、规则建立、异常检测、响应处理。采用改进的Apriori算法,即关联规则数据挖掘技术从系统有关数据中提取有关行为特征和规则,从而用于建立数据库安全异常模式或正常模式。     

一种改进的模糊关联算法及其在IDS中的应用

关联规则的发现是数据挖掘中的一个重要问题,但只是对离散型数据进行处理。为解决连续数量值属性的划分出现的“尖锐边界”问题,采用模糊划分,实现数据平滑过渡。由于入侵检测系统(IDS)对训练数据要求不高,文中提出了一种使用哈希链表改进模糊关联规则挖掘的新算法,且在挖掘过程中使用了等价类快速查找频繁项集,避免了反复扫描数据库及大量重复计算检验步骤。通过一个入侵检测系统的算例显示了其优越性,来提高对入侵数据的识别能力。     

关联规则向Snort规则转换的应用研究

在入侵检测中的使用关联规则算法,在检测的时候需要重新计算一些统计数据,降低了检测的速度和准确度,所以它提出了一种把数据挖掘的关联规则转化成Snort规则库的方法,这样既提高了入侵检测的速度和准确率,也使得入侵检测具有了一定的自适应能力。     

Multi-objective genetic algorithms based automated clustering for fuzzy association rules mining

Researchers realized the importance of integrating fuzziness into association rules mining in databases with binary and quantitative attributes. However, most of the earlier algorithms proposed for fuzzy association rules mining either assume that fuzzy sets are given or employ a clustering algorithm, like CURE, to decide on fuzzy sets; for both cases the number of fuzzy sets is pre-specified. In this paper, we propose an automated method to decide on the number of fuzzy sets and for the autonomous mining of both fuzzy sets and fuzzy association rules. We achieve this by developing an automated clustering method based on multi-objective Genetic Algorithms (GA); the aim of the proposed approach is to automatically cluster values of a quantitative attribute in order to obtain large number of large itemsets in less time. We compare the proposed multi-objective GA based approach with two other approaches, namely: 1) CURE-based approach, which is known as one of the most efficient clustering algorithms; 2) Chien et al. clustering approach, which is an automatic interval partition method based on variation of density. Experimental results on 100 K transactions extracted from the adult data of USA census in year 2000 showed that the proposed automated clustering method exhibits good performance over both CURE-based approach and Chien et al.’s work in terms of runtime, number of large itemsets and number of association rules.     

Mining fuzzy specific rare itemsets for education data

Association rule mining is an important data analysis method for the discovery of associations within data. There have been many studies focused on finding fuzzy association rules from transaction databases. Unfortunately, in the real world, one may have available relatively infrequent data, as well as frequent data. From infrequent data, we can find a set of rare itemsets that will be useful for teachers to find out which students need extra help in learning. While the previous association rules discovery techniques are able to discover some rules based on frequency, this is insufficient to determine the importance of a rule composed of frequency-based data items. To remedy this problem, we develop a new algorithm based on the Apriori approach to mine fuzzy specific rare itemsets from quantitative data. Finally, fuzzy association rules can be generated from these fuzzy specific rare itemsets. The patterns are useful to discover learning problems. Experimental results show that the proposed approach is able to discover interesting and valuable patterns from the survey data.     

Online mining of fuzzy multidimensional weighted association rules

This paper addresses the integration of fuzziness with On-Line Analytical Processing (OLAP) based association rules mining. It contributes to the ongoing research on multidimensional online association rules mining by proposing a general architecture that utilizes a fuzzy data cube for knowledge discovery. A data cube is mainly constructed to provide users with the flexibility to view data from different perspectives as some dimensions of the cube contain multiple levels of abstraction. The first step of the process described in this paper involves introducing fuzzy data cube as a remedy to the problem of handling quantitative values of dimensional attributes in a cube. This facilitates the online mining of fuzzy association rules at different levels within the constructed fuzzy data cube. Then, we investigate combining the concepts of weight and multiple-level to mine fuzzy weighted multi-cross-level association rules from the constructed fuzzy data cube. For this purpose, three different methods are introduced for single dimension, multidimensional and hybrid (integrates the other two methods) fuzzy weighted association rules mining. Each of the three methods utilizes a fuzzy data cube constructed to suite the particular method. To the best of our knowledge, this is the first effort in this direction. We compared the proposed approach to an existing approach that does not utilize fuzziness. Experimental results obtained for each of the three methods on a synthetic dataset and on the adult data of the United States census in year 2000 demonstrate the effectiveness and applicability of the proposed fuzzy OLAP based mining approach. OLAP is one of the most popular tools for on-line, fast and effective multidimensional data analysis. In the OLAP framework, data is mainly stored in data hypercubes (simply called cubes).