Abstract
The multi-step attack is one of the primary forms of current network intrusion, and how to detect such attacks is an important direction in IDS (Intrusion Detection System) research. Based on extensive study of multi-step attack patterns, this paper designs a self-regulating alert correlation model. To improve the efficiency of the IDS, data mining technology is introduced into the model according to the characteristics of intrusion detection systems. The paper describes the design of an IDS model that uses an Apriori algorithm optimized for association-rule extraction to perform feature analysis and knowledge discovery on log files: intrusion knowledge is acquired from the logs, and intrusion behaviour is detected on the basis of the improved Apriori algorithm.
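The abstract names the Apriori algorithm as the mining step but gives no details of the paper's optimized variant or of the log format, so the following is an added illustration, not the authors' code: standard Apriori run over a constructed alert log to surface which signatures co-occur per source and to derive association rules that an alert-correlation engine could use as candidate multi-step patterns. Grouping alerts into one transaction per source IP, the log layout (`timestamp src signature`), the thresholds, and all sample data are assumptions made for the example.

```python
from collections import defaultdict
from itertools import combinations

# Constructed alert log (example data, not from the paper):
# "timestamp source_ip signature" per line.
SAMPLE_LOG = """\
2009-11-01T10:00:01 10.0.0.5 portscan
2009-11-01T10:00:07 10.0.0.5 exploit_smb
2009-11-01T10:00:15 10.0.0.5 reverse_shell
2009-11-01T10:02:00 10.0.0.9 portscan
2009-11-01T10:02:30 10.0.0.9 exploit_smb
2009-11-01T10:02:45 10.0.0.9 reverse_shell
2009-11-01T10:05:00 10.0.0.12 portscan
2009-11-01T10:05:10 10.0.0.12 exploit_smb
2009-11-01T10:09:00 10.0.0.20 portscan
2009-11-01T10:12:00 10.0.0.33 dns_query
2009-11-01T10:12:03 10.0.0.33 dns_query
"""


def parse_alerts(text):
    """Parse 'timestamp src signature' lines into (src, signature) pairs."""
    pairs = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines rather than crash
        _ts, src, sig = parts
        pairs.append((src, sig))
    return pairs


def build_transactions(pairs):
    """One transaction per source IP: the set of signatures it triggered (assumed grouping)."""
    by_src = defaultdict(set)
    for src, sig in pairs:
        by_src[src].add(sig)
    return list(by_src.values())


def apriori(transactions, min_support):
    """Return {frozenset(items): count} for every itemset with count >= min_support."""
    frequent = {}
    counts = defaultdict(int)
    for t in transactions:                      # L1: count single items
        for item in t:
            counts[frozenset([item])] += 1
    current = {s: c for s, c in counts.items() if c >= min_support}
    k = 1
    while current:
        frequent.update(current)
        k += 1
        prev = set(current)
        candidates = set()
        for a in prev:                          # join step: merge (k-1)-itemsets
            for b in prev:
                union = a | b
                if len(union) != k:
                    continue
                # prune step: every (k-1)-subset must itself be frequent
                if all(frozenset(sub) in prev for sub in combinations(union, k - 1)):
                    candidates.add(union)
        counts = defaultdict(int)
        for t in transactions:                  # count surviving candidates
            for c in candidates:
                if c <= t:
                    counts[c] += 1
        current = {s: c for s, c in counts.items() if c >= min_support}
    return frequent


def association_rules(frequent, min_confidence):
    """Derive (antecedent, consequent, confidence) rules from frequent itemsets."""
    rules = []
    for itemset, count in frequent.items():
        if len(itemset) < 2:
            continue
        for r in range(1, len(itemset)):
            for ante in combinations(itemset, r):
                ante = frozenset(ante)
                conf = count / frequent[ante]   # support(X u Y) / support(X)
                if conf >= min_confidence:
                    rules.append((ante, itemset - ante, conf))
    rules.sort(key=lambda x: (-x[2], sorted(x[0]), sorted(x[1])))
    return rules


def mine(log_text, min_support=2, min_confidence=0.6):
    """End-to-end: log text -> transactions -> frequent itemsets -> rules."""
    tx = build_transactions(parse_alerts(log_text))
    freq = apriori(tx, min_support)
    return freq, association_rules(freq, min_confidence)


if __name__ == "__main__":
    freq, rules = mine(SAMPLE_LOG)
    for ante, cons, conf in rules:
        print(f"{sorted(ante)} -> {sorted(cons)}  conf={conf:.2f}")
```

On this data the rule {portscan, exploit_smb} -> {reverse_shell} comes out with confidence 2/3, while {portscan} -> {reverse_shell} falls below the threshold, which is the kind of distinction a correlation engine needs: a lone scan is weak evidence, a scan followed by an exploit on the same source is a much stronger predictor of the next step. Absolute support counts are used so small logs stay readable; a deployment would use a relative threshold and time-windowed transactions.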
Source
《计算机安全》
2009, No. 11, pp. 20-22 (3 pages)
Network & Computer Security