Abstract
To improve the intelligence, accuracy and detection efficiency of intrusion detection systems (IDS), this paper applies data mining techniques to intrusion detection, taking the characteristics of such systems into account. It describes the design and implementation of an IDS that uses association rules and an optimized association-rule algorithm to analyse the features of log files and extract intrusion knowledge from them. Experiments show that, in intrusion detection on a given log file, the optimized algorithm raises accuracy by 45% on average and detection efficiency by 50% on average, substantially improving the performance of the IDS.
Source
Journal of Jilin University (Information Science Edition)
CAS
2006, Issue 2, pp. 204-209 (6 pages)
Funding
Supported by the Science and Technology Key Problems Fund for Revitalizing the Old Industrial Base (04-02GG158)
Keywords
association rules
data mining
intrusion detection
log