基于本体模糊映射和特征分析的网络入侵检测模型研究

通过对网络入侵的相关知识进行研究,提出了一种基于本体模糊映射和特征分析相结合的网络入侵检测模型;在研究中首先对知识元或数据信息集经过训练形成本体知识库,然后对已知入侵模式的特征知识元或数据信息集进行挖掘,形成特征库;当待测数据集开始检测时,先抽取其知识本体,对其本体和本体知识库中的本体元进行模糊映射,相似度在系统安全阈值范围内的,属于正常数据集,否则,置其入数据评估集,进行特征库匹配,匹配度低的数据信息集属于异常数据给予用户提示,予以报警;在待测数据集检测结束后,对本体知识库和特征库实时更新;该模型通过数据信息集的训练形成自有本体库,避免了数据噪音干扰,提高了检测效率和预警率。

A Study of Network Intrusion Detection Model Based on Ontology Fuzzy Mapping and Feature Analysis

By studying the knowledge related to network intrusion,this paper puts forward a network intrusion detection model based on ontology fuzzy mapping and feature analysis.In this study,knowledge element or message data set is trained to form ontology knowledge base,and then feature knowledge element or message data set of the known intrusion pattern is mined to form feature database.When dataset starts to be detected,its knowledge ontology is extracted first,and the notology element of its ontology and ontology knowledge base are fuzzily mapped.If the similarity degree stays in the safety valve value,the dataset is normal.Otherwise it is put into the data evaluation set and to be matched with the feature data.If the message data set of low matching degree belongs to abnormal data,the user will be prompted and warned.After the dataset is detected,the ontology knowledge base and the feature base must be updated in real time.This model,by training the message data set,forms self-ontology base,avoids data noise interference,and improves the detection efficiency and the early warning rate.