Abstract
To address structural shortcomings of common intrusion detection models, this paper proposes DMIDS, a dynamic self-learning intrusion detection model based on data mining, and presents an update mechanism for its dynamically self-learned normal-behavior database. The model overcomes the drawback of traditional static detection models, which must relearn completely over all old and new examples in order to update the model, or cannot relearn at all because of limited memory size. Experiments on the KDD'99 dataset show that, compared with traditional anomaly detection methods, DMIDS effectively reduces the false-alarm rate while maintaining a high detection rate.
Source
Computer Engineering and Design (《计算机工程与设计》)
CSCD
Peking University Core Journal
2009, Issue 11, pp. 2660-2662 (3 pages)
Keywords
network security
anomaly detection
data mining
intrusion detection
dynamic self-learning