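Authors: Wang Yiping (1, 2), Chen Bo (1), Wu Jian (1)
Affiliations: (1. School of Computer Science, Southwest University of Science and Technology, Mianyang, Sichuan 621010;
2. School of Information Science and Electrical Engineering, Qiqihar University, Qiqihar, Heilongjiang 161006)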
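Abstract: The task of an intrusion detection system (IDS) is to monitor events in a computer system or network and to analyze and report hidden security problems. A data mining-based IDS consists of data collection, data mining, pattern matching, and decision-making modules. Intrusions are identified through mining algorithms, association rules, rule matching, and related techniques. Such a system can detect new types of attacks and variants of known attacks; automatically process data and extract the useful components; eliminate duplicate attack data; and automatically extract network behavior patterns that are difficult to discover with the naked eye.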
English title: Study on Intrusion Detection System Based on Data Mining
Abstract: The task of an intrusion detection system (IDS) is to monitor events in a computer system or network resources, and to analyze and possibly prevent hidden security problems. A data mining-based IDS is composed of data collection, data mining, pattern matching, and decision-making modules. Intrusions are confirmed through mining algorithms, association rules, rule matching, etc. The system can detect new types of attacks and variants of known attacks, automatically pre-process data and extract the useful components, eliminate duplicate attack data, and automatically extract network behavior patterns that are difficult to find with the naked eye, among other capabilities.