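Abstract
Research on efficient association rule mining algorithms is of great significance for improving the accuracy and timeliness of intrusion detection. The normal and abnormal patterns built by current intrusion detection methods are not sufficiently accurate or complete, which easily leads to false alarms or missed alarms. To address this problem, this paper applies the improved association rule mining algorithm XARM and the incremental association rule updating algorithm SFUP to network intrusion detection and proposes a new intrusion detection method. The method builds normal behavior models of the system and its users, as well as intrusion behavior models, by mining frequent itemsets in the training audit data.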
Research on efficient association rule mining algorithms has important value for improving the accuracy and efficiency of IDS. Because the user behavior features extracted by current IDS cannot reflect real circumstances, the normal and abnormal models are not sufficiently accurate or complete. The paper presents an intrusion detection method based on a fast mining algorithm, XARM, and an incremental updating algorithm, SFUP. The method first constructs user normal and abnormal models by mining training data sets. Then, the real-time behavior model is obtained by incrementally updating the real Internet data, and intrusion detection is accomplished by matching against the model database. These methods can distinguish normal behavior from abnormal behavior, and update and improve IDS models in a timely manner.
Source
《通信技术》
2008, Issue 12, pp. 316-318, 3 pages in total
Communications Technology