Found 20 similar documents; search time 796 ms
1.
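To address the shortcomings that traditional intrusion detection systems show when defending against complex attacks, this paper proposes using data mining techniques for the collaborative analysis of network intrusion events: association-rule and sequence-rule models are built and then combined for global information reasoning to obtain complex attack patterns. The work focuses on defense decision techniques for complex intrusion events and a crisis analysis method based on finite automata, and analyzes in detail how defense decision vectors are formulated and how defense knowledge is represented. Experimental results show that the proposed model and method can improve the timeliness and effectiveness of system defense by determining defense points in advance.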
2.
3.
4.
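An adaptive intrusion detection system based on data mining and CIDF (total citations: 1, self-citations: 1, citations by others: 1)
The traditional approach, in which security experts construct intrusion detection rules by hand, increasingly shows its limitations of heavy workload and slow response now that new attacks appear frequently. To overcome these limitations, this paper proposes an adaptive intrusion detection system framework. The system is built on the Common Intrusion Detection Framework (CIDF). When a new attack appears, it uses data mining over massive data to derive an intrusion model, which the system then converts automatically into detection rules so that the rule base is updated automatically. In addition, given a certain authorization, other intrusion detection systems can request that this system distribute intrusion models to them so that they are updated promptly.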
5.
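Composite attacks are one of the main forms of network intrusion, and how to detect them is an important direction in current intrusion detection research. Based on extensive study of composite attack patterns, an alert correlation model based on automatic adjustment is proposed. To improve the efficiency of the intrusion detection system, and in view of the characteristics of such systems, data mining techniques are introduced into the model. The paper describes the design of an intrusion detection system model that uses an Apriori algorithm optimized for association rule extraction to perform feature analysis and knowledge discovery on log files.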
6.
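An object-oriented attack knowledge representation model (OOAK) is proposed to accurately describe potential complex attacks and multi-step combined attacks. An attack knowledge base for a network intrusion detection system (NIDS) is architected: built on OOAK, with the rule base and method base at its core, it incorporates the design idea of a hierarchical knowledge base, uses an event processing engine to dispatch the rule base and method base in the knowledge base, and coordinates communication between the knowledge base and the database.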
7.
JIANG Zong-hua 《数字社区&智能家居》2008,(36)
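An intrusion detection model based on modular ontologies is built. The model can share, reuse, and analyze knowledge, and is able to detect distributed complex attacks. Modularizing the ontology lowers storage requirements, speeds up reasoning, and makes the system more robust. The modular ontology for intrusion detection is specified in OWL, and an application example is given.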
8.
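Research on intrusion detection based on an incremental GHSOM neural network model (total citations: 3, self-citations: 0, citations by others: 3)
Traditional network intrusion detection methods train the detection model offline on attack samples of known types. They achieve a high detection rate for known attack types but cannot recognize attack types that newly appear on the network. Such intrusion detection systems are slow to build and costly to update; faced with ever-larger networks and an endless stream of attacks, they lack adaptability and scalability and struggle to detect newly emerging attack types. This paper extends the GHSOM (Growing Hierarchical Self-Organizing Maps) neural network model and proposes a network intrusion detection method based on an incremental GHSOM neural network model, which incrementally learns the new attack types that appear during online detection without destroying previously learned knowledge, thereby extending the intrusion detection model dynamically. The authors developed a prototype online network intrusion detection system based on the incremental GHSOM neural network model and carried out online intrusion detection experiments in a local area network environment. The experimental results show that the incremental GHSOM intrusion detection method is dynamically adaptive and can update the GHSOM model dynamically during online detection, and that for attack types newly appearing on the network, the detection rate of the incremental GHSOM algorithm is comparable to that of the traditional GHSOM algorithm.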
9.
10.
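Research on CBR in rule-based IDS (total citations: 2, self-citations: 0, citations by others: 2)
This paper introduces case-based reasoning (CBR) into an intrusion detection system (IDS) to reduce the false-negative rate caused by exact rule-based matching and to effectively detect attacks that are variants of known attacks. It describes the steps for implementing CBR, gives a heuristic method for designing and constructing the case base from rules, analyzes the algorithms involved in implementing CBR, and finally presents experimental results from extending the intrusion detection system Snort with CBR functionality.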
11.
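Agent-based adaptive reasoning control with hybrid knowledge (total citations: 2, self-citations: 0, citations by others: 2)
This paper generalizes the traditional hybrid knowledge representation method and establishes a structure that organically integrates general knowledge, case knowledge, model knowledge, and neural network knowledge. This knowledge representation structure aids knowledge search, matching, and reasoning control, and solves the knowledge representation of complex problems. To meet the needs of the reasoning methods, the different reasoning methods are fused and integrated, and an agent-based adaptive reasoning control structure is proposed. This structure is significant for improving both the quality and the efficiency of solving complex problems.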
12.
《International journal of man-machine studies》1991,34(6):797-837
A central task underlying many of the activities of attorneys is inferring the legal consequences of a given set of facts. GREBE (GeneratoR of Exemplar-Based Explanations) is a system that uses detailed knowledge of the facts and reasoning of specific past cases, together with legal rules and common-sense knowledge, to determine and justify the legal consequences of new cases. GREBE can apply either rule-based reasoning or case-based reasoning to goals at any level of its analysis. GREBE uses an approach to case-based reasoning in which new cases are compared with the smallest collections of precedent facts that justified an individual inference step in the explanation of a precedent case. This enables knowledge of the interactions among individual inference steps in a precedent to be used in case comparison. Case comparison is also assisted by an expressive semantic network representation of case facts. Techniques are presented for retrieving and comparing cases represented in this formalism. GREBE's output is a memorandum that justifies a legal conclusion in terms of the applicable precedents and legal rules.
13.
《Engineering Applications of Artificial Intelligence》2002,15(2):193-203
Case-based reasoning (CBR) is used when generalized knowledge is lacking. The method works on a set of cases formerly processed and stored in the case base. A new case is interpreted based on its similarity to cases in the case base. The closest case with its associated result is selected and presented as output of the system. Recently, dissimilarity-based classification (DSC) has been introduced due to the curse of dimensionality of feature spaces and the problem arising when trying to make image features explicitly. The approach classifies samples based on their dissimilarity value to all training samples. In this paper we are reviewing the basic properties of these two approaches. We show the similarity of dissimilarity-based classification to case-based reasoning. Finally, we conclude that dissimilarity-based classification is a variant of case-based reasoning and that most of the open problems in dissimilarity-based classification are research topics of case-based reasoning.
14.
15.
Evaluation and selection of software packages is a complicated and time-consuming decision-making process. Selection of an inappropriate software package can turn out to be costly and adversely affect the business processes and functioning of the organization. In this paper we describe (i) a generic methodology for software selection, (ii) software evaluation criteria, and (iii) a hybrid knowledge based system (HKBS) approach to assist decision makers in the evaluation and selection of software packages. The proposed HKBS approach employs integrated rule based and case based reasoning techniques. Rule based reasoning is used to capture user needs of the software package and formulate a problem case. Case based reasoning is used to retrieve and compare candidate software packages with the user needs of the package. This paper also evaluates and compares the HKBS approach with widely used existing software evaluation techniques such as analytic hierarchy process (AHP) and weighted scoring method (WSM).
16.
An important goal of autonomic computing is the development of computing systems that are capable of self healing with a minimum
of human intervention. Typically, recovery from even a simple fault will require knowledge of the environment in which a computing
system operates. To meet this need, we present an approach to self healing and recovery informed by environment knowledge
that combines case based reasoning (CBR) and rule based reasoning. Specifically, CBR is used for fault diagnosis and rule
based reasoning for fault remediation, recovery, and referral. We also show how automated information gathering from available
sources in a computing system’s environment can increase problem solving efficiency and help to reduce the occurrence of service
failures. Finally, we demonstrate the approach in an intelligent system for fault management in a local printer network.
17.
In this paper we discuss reasoning about reasoning in a multiple agent scenario. We consider agents that are perfect reasoners, loyal, and that can take advantage of both the knowledge and ignorance of other agents. The knowledge representation formalism we use is (full) first order predicate calculus, where different agents are represented by different theories, and reasoning about reasoning is realized via a meta-level representation of knowledge and reasoning. The framework we provide is pretty general: we illustrate it by showing a machine checked solution to the three wisemen puzzle. The agents' knowledge is organized into units: the agent's own knowledge about the world and its knowledge about other agents are units containing object-level knowledge; a unit containing meta-level knowledge embodies the reasoning about reasoning and realizes the link among units. In the paper we illustrate the meta-level architecture we propose for problem solving in a multi-agent scenario; we discuss our approach in relation to the modal one and we compare it with other meta-level architectures based on logic. Finally, we look at a class of applications that can be effectively modeled by exploiting the meta-level approach to reasoning about knowledge and reasoning.
18.
Exception handling plays a key role in dynamic workflow management that enables streamlined business processes. Handling application-specific exceptions is a knowledge-intensive process involving different decision-making strategies and a variety of knowledge, especially much fuzzy knowledge. Current efforts in workflow exception management are not adequate to support knowledge-based exception handling. This paper proposes a hybrid exception handling approach based on two extended knowledge models, i.e., generalized fuzzy event–condition–action (GFECA) rule and typed fuzzy Petri net extended by process knowledge (TFPN-PK). The approach realizes integrated representation and reasoning of fuzzy and non-fuzzy knowledge as well as specific application domain knowledge and workflow process knowledge. In addition, it supports two handling strategies, i.e., direct decision and analysis-based decision, during exception management. The approach fills in the gaps in existing related research, i.e., only providing the capability of direct exception handling and neglecting fuzzy knowledge. Based on TFPN-PK, a weighted fuzzy reasoning algorithm is designed to address the reasoning problem of uncertain goal propositions and known goal concepts by combining forward reasoning with backward reasoning and therefore to facilitate cause analysis and handling of workflow exceptions. A prototype system is developed to implement the proposed approach.
19.
《Advanced Engineering Informatics》2012,26(2):361-382
Architectural floor plan layout design is what architects and designers do when they conceptually combine design units, such as rooms or compartments. At the end of this activity, they deliver precise geometric schemas as solutions to particular problems. More research on this topic is needed to develop productive tools. The authors propose orthogonal compartment placement (OCP) as a new approach to this activity. OCP includes a problem formulation and a solution method in which qualitative and quantitative knowledge are combined. Topological knowledge underlies human spatial reasoning. Computers can adequately perform repetitive topological reasoning. We believe that OCP is the first approach in CAAD to incorporate a full relational algebra to generate floor plan layouts. Based on block algebra (BA) and constraint satisfaction (CS), OCP can generate candidate solutions that correspond to distinct topological options. The analysis of a case study using a prototype tool is included.
20.
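Because aerospace products have few test samples and their lifetimes are hard to assess, a new method for equipment life assessment based on evidential reasoning (ER) and a belief-rule-base (BRB) is proposed, drawing on failure data from the multiple working environments a product experiences during development. First, the rationality of the model is analyzed, and a multi-dimensional BRB model is used to convert lifetime data from multiple environments into lifetime data under the standard working environment; the ER algorithm then fuses the converted data with data from the actual working environment. Second, the reasoning process of the BRB-ER model and the steps of life assessment are described in detail. Finally, the method is validated with the failure data of an aerospace product, and the BRB parameters are updated using existing fixed values of product lifetime. The results show that when expert knowledge is accurate and reasonable, the model can assess product lifetime accurately and can be trained on existing fixed product lifetimes to build a more accurate lifetime prediction model.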