| 基于数据挖掘与CIDF的自适应入侵检测系统 |
| |
| 引用本文: | 邹仕洪,阙喜戎,龚向阳,程时端. 基于数据挖掘与CIDF的自适应入侵检测系统[J]. 计算机工程与应用, 2002, 38(11): 184-186 |
| |
| 作者姓名: | 邹仕洪 阙喜戎 龚向阳 程时端 |
| |
| 作者单位: | 北京邮电大学交换技术与通信网国家重点实验室,北京,100876 |
| |
| 基金项目: | 国家信息化工作领导小组计算机网络与信息安全管理工作办公室项目基金(编号:2001-研1-002) |
| |
| 摘 要: | 传统的由安全专家手工构造入侵检测规则的方法在新攻击频繁出现的今天越来越暴露出其工作量大、响应慢的局限性。为克服上述局限,该文提出一种自适应的入侵检测系统框架。该系统基于公共入侵检测框架(CIDF)构建,当出现新攻击时,利用数据挖掘对海量数据进行挖掘,得出入侵模型后由系统自动转换为检测规则以实现规则库的自动更新。另外,在一定授权情况下,其他入侵检测系统可以向该系统请求分发入侵模型以得到及时更新。
|
| 关 键 词: | 自适应入侵检测 数据挖掘 CIDF 入侵模型 |
| 文章编号: | 1002-8331-(2002)11-0184-03 |
| 修稿时间: | 2001-07-01 |
Adaptive Intrusion Detection System Based on Data Mining and CIDF |
| |
| Zou Shihong Que Xirong Gong Xiangyang Chen g Shiduan. Adaptive Intrusion Detection System Based on Data Mining and CIDF[J]. Computer Engineering and Applications, 2002, 38(11): 184-186 |
| |
| Authors: | Zou Shihong Que Xirong Gong Xiangyang Chen g Shiduan |
| |
| Abstract: | Traditional Intrusion D et ection System's rule base is built by security expert manually.With new attacks coming up more and more frequently,this method is expensive and slow.The pape r describes an adaptive intrusion detection system framework.This framework is based on CIDF,and uses Data Mining to mine intrusion models,then automatically transforms it into intrusion detection rules for rule base's updating.In addi tion,under certain authorization,other intrusion detection systems can be upd ated by subscribing these intrusion modes. |
| |
| Keywords: | adaptive intrusion detecti on data mining CIDF intrusion mode |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
