
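Research on an Intrusion Detection System Based on Data Mining Technology
Cite this article: Gao Xiang, Wang Min, Hu Zhengguo. Research on an Intrusion Detection System Based on Data Mining Technology [J]. Journal of Northwestern Polytechnical University, 2003, 21(4): 395-397.
Authors: Gao Xiang, Wang Min, Hu Zhengguo
Affiliations: 1. Department of Computer Science and Engineering, Northwestern Polytechnical University, Xi'an, Shaanxi 710072
2. Telecommunication Engineering Institute, Air Force Engineering University, Xi'an, Shaanxi 710077
Abstract: Intrusion detection technology has become a research hotspot in the field of network security. This paper introduces the classification of intrusion detection and the data mining methods applied to intrusion detection, and describes the design and implementation of the data-mining-based intrusion detection system that was built.

Keywords: network security; data mining; intrusion detection
Article ID: 1000-2758(2003)04-0395-03
Revised manuscript date: July 12, 2002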

An Intrusion Detection System Based on Data Mining
Abstract: It is increasingly necessary to provide network security against theft of information. An intrusion detection system is an emerging and promising security measure, both against unauthorized internal intrusion and as effective protection against hackers in addition to a firewall. Section 2 describes the intrusion detection system based on data mining that we propose. Section 2 includes essentially the following topics: (1) the seven items contained in each connection in the packet flow; (2) the treatment of packet flow data in order to construct IP (Internet Protocol) conversation behavior profiles; (3) the storage of IP conversation behavior profiles; (4) the mining and analysis of the behavioral data to discover potentially suspicious packet flow data that exhibit IP conversation behavior that is abnormal when checked against stored profiles; (5) the testing of our intrusion detection system when the network it protects is under simulated attack. The results from experiments, as described at the end of Section 2, show preliminarily that the system can be used for detecting probing attacks.
Keywords: network security; data mining; intrusion detection
This article is indexed in CNKI, VIP, Wanfang Data and other databases.