
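Design and implementation of network anomaly behavior detection techniques based on data mining
Cite this article: QI Jian-dong, TAO Lan, SUN Zong-can. Design and implementation of network anomaly behavior detection techniques based on data mining [J]. Computer Engineering and Design, 2004, 25(5): 708-712.
Authors: QI Jian-dong, TAO Lan, SUN Zong-can
Affiliations: 1. Information and Electric Engineering College, China Agricultural University, Beijing 100083
2. Information Engineering College, Shenzhen University, Shenzhen, Guangdong 518060
Abstract: Existing data-mining-based intrusion detection research has concentrated on misuse detection. This paper proposes a data-mining-based network anomaly detection scheme and analyzes the implementation of its core modules in detail. First, a static association rule mining algorithm and a domain-level mining algorithm are used to build a profile of the system's normal network activity. Next, a dynamic association rule mining algorithm and the domain-level mining algorithm output a set of suspicious rules that characterize attacks on the system. These rule sets, combined with the network behavior features extracted by the feature selection module, serve as the input to a classifier in order to further reduce the false positive rate. Experiments on the DARPA 1998 intrusion detection evaluation dataset demonstrate the effectiveness of the method. Finally, existing research on data mining techniques in the intrusion detection field is summarized.

Keywords: data mining; misuse detection; network; anomaly detection; static association rules; audit records; intrusion detection
Article number: 1000-7024(2004)05-0708-05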

Design and implementation of network anomaly behavior detection techniques based on data mining
QI Jian-dong, TAO Lan, SUN Zong-can. Design and implementation of network anomaly behavior detection techniques based on data mining [J]. Computer Engineering and Design, 2004, 25(5): 708-712.
Authors: QI Jian-dong, TAO Lan, SUN Zong-can
Affiliation: Information and Electric Engineering College, China Agricultural University, Beijing 100083, China; Information and Engineering College, Shenzhen University, Shenzhen 518060, China
Abstract: Previously proposed data mining-based intrusion detection mainly focused on misuse detection. A data mining-based network anomaly detection technique is proposed, and the implementation of the kernel module is discussed in detail. Firstly, a combination of a static mining algorithm for association rules and a domain-level mining algorithm is used to profile the normal activity model of the network. Secondly, a combination of a dynamic mining algorithm for association rules and the domain-level algorithm is used, whose output consists of rules that characterize attacks on the system. These rules, along with a set of features extracted by a feature selection module, are used as the training set for a classifier in order to lower the false positive rate further. Experimental results on the DARPA 1998 intrusion detection evaluation dataset verify the effectiveness of this method. Finally, existing work on data mining techniques applied to intrusion detection systems is summarized.
Keywords:intrusion detection  anomaly detection  data mining  audit record  
This article is indexed in databases including CNKI, VIP and Wanfang Data.