| 基于数据挖掘的自适应入侵检测研究 |
| |
| 引用本文: | 方金和,冯雁,王瑞杰. 基于数据挖掘的自适应入侵检测研究[J]. 计算机工程与应用, 2006, 42(18): 152-154,196 |
| |
| 作者姓名: | 方金和 冯雁 王瑞杰 |
| |
| 作者单位: | 浙江大学计算机学院,杭州,310027;浙江大学计算机学院,杭州,310027;浙江大学计算机学院,杭州,310027 |
| |
| 摘 要: | 基于当前入侵检测系统的缺陷,提出了开发自适应入侵检测系统必须考虑的两个问题:正常行为简档更新时间的选择和更新机制的选择。对于第一个问题,通过计算增量审计数据与正常行为模式之间相似度,决定是否更新以及何时更新简档;对于第二个问题,采用滑动窗口,只使用当前窗口内的增量审计数据更新正常行为简档,过滤掉过时的数据,保证简档能够反映最新的系统行为变化。
|
| 关 键 词: | 数据挖掘 入侵检测 自适应 相似度 滑动窗口 |
| 文章编号: | 1002-8331-(2006)18-0152-03 |
| 收稿时间: | 2005-11-01 |
| 修稿时间: | 2005-11-01 |
Study of Adaptive Intrusion Detection with Data Mining |
| |
| Fang Jinhe,Feng Yan,Wang Ruijie. Study of Adaptive Intrusion Detection with Data Mining[J]. Computer Engineering and Applications, 2006, 42(18): 152-154,196 |
| |
| Authors: | Fang Jinhe Feng Yan Wang Ruijie |
| |
| Affiliation: | College of Computer Science,Zhejiang University, Hangzhou 310027 |
| |
| Abstract: | After discussing the constraints of current intrusion detection systems(IDS),we issue two problems should be considered in developing an adaptive IDS,one is to select the time to update the normal profile and the other is to select a mechanism to update the profile.To resolve the first problem,we calculate the similarity between the incremental audit data and the normal profile and then decide whether to and when to update the profile.To resolve the second problem,we employ a sliding window approach and use only the audit data inside that sliding window to update the profile.The window therefore acts to filter out outdated audit data and to build a profile based on only recent data that reflects the recent system activities. |
| |
| Keywords: | data mining intrusion detection adaptive similarity sliding window |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
