| 基于数据挖掘的网络入侵检测技术研究 |
| |
| 引用本文: | 朱岸青,张昌城.基于数据挖掘的网络入侵检测技术研究[J].计算机工程与设计,2008,29(2):318-322. |
| |
| 作者姓名: | 朱岸青 张昌城 |
| |
| 作者单位: | 1. 广东工贸职业技术学院,计算机系,广东,广州,510510
2. 暨南大学计算机系,广东,广州,510632 |
| |
| 摘 要: | 现有NIDS的检测知识一般由手工编写,其难度和工作量都较大.将数据挖掘技术应用于网络入侵检测,在Snort的基础上构建了基于数据挖掘的网络入侵检测系统模型.重点设计和实现了基于K-Means算法的异常检测引擎和聚类分析模块,以及基于Apriori算法的关联分析器.实验结果表明,聚类分析模块能够自动建立网络正常行为模型,并用于异常检测,其关联分析器能够自动挖掘出新的入侵检测规则.
|
| 关 键 词: | 异常检测 入侵检测 数据挖掘 聚类分析 关联分析 关联分析器 |
| 文章编号: | 1000-7024(2008)02-0308-05 |
| 收稿时间: | 2007-02-01 |
| 修稿时间: | 2007年2月1日 |
Research on network intrusion detection technology based on data mining |
| |
| ZHU An-qing,ZHANG Chang-cheng.Research on network intrusion detection technology based on data mining[J].Computer Engineering and Design,2008,29(2):318-322. |
| |
| Authors: | ZHU An-qing ZHANG Chang-cheng |
| |
| Abstract: | The detection knowledge of current NIDS is written by hand, it means much difficulty and a lot of work. Applying data mining techniques to the network intrusion detection, a snort-based NIDS architecture is given. The abnormal detection engine, the cluster analysis module based on K-means algorithm and the association analyzer based on Apriori algorithm are discussed. Experimental results show that the cluster analysis module can automatically build the models of network normal activity and these models can be used in abnormal detection, while its association analyzer can automatically construct new intrusion detection rules. |
| |
| Keywords: | abnormal detection intrusion detection data mining clustering analysis association analysis association analyzer |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
