| 基于序列模式的异常检测 |
| |
| 引用本文: | 钱昱 郑诚. 基于序列模式的异常检测[J]. 微机发展, 2004, 14(9): 53-55 |
| |
| 作者姓名: | 钱昱 郑诚 |
| |
| 作者单位: | 安徽大学计算智能与信号处理教育部重点实验室,安徽大学计算智能与信号处理教育部重点实验室 安徽合肥230039,安徽合肥230039 |
| |
| 基金项目: | 安徽省教育厅自然基金资助项目(2002kj009) |
| |
| 摘 要: | 数据挖掘技术是目前国际上的研究热点,入侵检测作为一种主动的信息安全保障措施,有效地弥补了传统安全防护技术的缺陷。文中把数据挖掘中的序列模式方法应用于入侵检测系统,摒弃了以前入侵检测方法需要根据专家经验建立攻击模式库的不足,具有较强的灵活性,能检测出未知的攻击手段。为了比较用户在正常情况下所形成历史模式和从包含异常行为的检测数据中挖掘出的当前模式,文中还设计了相似度函数。最后给出了具体实验步骤,并针对9个Unix用户的实验结果证明了该方法的可行性。
|
| 关 键 词: | 序列模式 异常检测 数据挖掘 入侵检测 网络信息安全 |
| 文章编号: | 1005-3751(2004)09-0053-03 |
| 修稿时间: | 2004-01-16 |
Anomaly Detection Based on Sequential Patterns |
| |
| QIAN Yu,ZHENG Cheng l Processing,Anhui Univ.,Hefei ,China). Anomaly Detection Based on Sequential Patterns[J]. Microcomputer Development, 2004, 14(9): 53-55 |
| |
| Authors: | QIAN Yu ZHENG Cheng l Processing Anhui Univ. Hefei China) |
| |
| Affiliation: | QIAN Yu,ZHENG Cheng l Processing,Anhui Univ.,Hefei 230039,China) |
| |
| Abstract: | At present, data mining technology has become international hot point of research. As a kind of active measure of information assurance, intrusion detection acts as the effective complement to traditional protection techniques. The article introduces the concept of anomaly detection based on sequential patterns. The method in the article gets rid of the shortcoming that building intrusion detection models database need the experts' experience. The technology has flexibility and can detect unexpected attack behaviors. In order to differ from the history patterns formed under the normal condition and the present patterns mined form the detected data including anomaly behaviors the article designs the resemblance function. Finally the experimental steps are given, and the experimental result referring to 9 users under the Unix operating system proves the feasibility of the technology. |
| |
| Keywords: | network security anomaly detection association rules sequential patterns |
| 本文献已被 CNKI 维普 等数据库收录! |
