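Abstract
Building on the CIDF intrusion detection architecture, this paper proposes a network-based, two-layer, multi-packet analysis intrusion detection model. In this model, the event analyzer processes the current event in two layers: first, it correlates and classifies the current event together with historical events to find the historical events closely associated with it; then it performs regression analysis on the class of correlated events that contains the current event, ultimately uncovering potential coordinated attacks and distributed intrusion behavior. Simulation experiments show that the algorithm model can detect distributed intrusion behavior that traditional intrusion detection systems have difficulty discovering.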
Based on the common intrusion detection framework (CIDF) architecture, a new network intrusion detection model based on multi-packet analysis is presented. In this model, the event analyzer processes the current event in two steps: first, the current data packets are associated with historical data packets, a clustering analysis is performed, and the historical data packets closely associated with the current data packets are identified; then, a multilayer forward neural network is used to perform a regression analysis on the data packets, yielding the intrusion detection results. Simulation experiments show that this model can detect distributed intrusions that are difficult to discover with a traditional intrusion detection system (IDS).
Source
《湖南大学学报(自然科学版)》
EI
CAS
CSCD
Peking University Core Journals
2006, Issue 6, pp. 119-122 (4 pages)
Journal of Hunan University:Natural Sciences
Funding
Key Program of the National Natural Science Foundation of China (70631004)
Keywords
regression analysis
agglomerative clustering
data mining
network intrusion detection (NID)