| 基于行为模式挖掘的网络入侵检测 |
| |
| 引用本文: | 杨向荣,宋擒豹,沈钧毅.基于行为模式挖掘的网络入侵检测[J].西安交通大学学报,2002,36(2):173-176,189. |
| |
| 作者姓名: | 杨向荣 宋擒豹 沈钧毅 |
| |
| 作者单位: | 西安交通大学电子与信息工程学院,西安,710049 |
| |
| 基金项目: | 国家“八六三”计划资助项目 (86 3- 30 6 -QN2 0 0 0 - 5 ),西安交通大学科学研究基金资助项目 |
| |
| 摘 要: | 基于系统模型DMIDS,提出了一种有效防范网络入侵的方法。该方法基于IP包信息挖掘出用户的频繁行为模式,能自动建立正常和异常的用户行为规则库;利用相似性匹配,能实时地检测出已知的和未知的攻击。详细介绍了用户频繁行为模式挖掘算法--IDSPADE,实验结果表明该算法能够有效地发现多种网络入侵行为。和现有基于知识工程的方法相比,该方法具有更高的智能性和环境适应性。
|
| 关 键 词: | 网络入侵检测 行为模式挖掘 计算机信息安全 网络安全 相似性匹配 用户行为规则库 |
| 文章编号: | 0253-987X(2002)02-0173-04 |
Network Intrusion Detection Based on Behavior Patterns Mining |
| |
| Yang Xiangrong,Song Qinbao,Shen Junyi.Network Intrusion Detection Based on Behavior Patterns Mining[J].Journal of Xi'an Jiaotong University,2002,36(2):173-176,189. |
| |
| Authors: | Yang Xiangrong Song Qinbao Shen Junyi |
| |
| Abstract: | An efficient method based on data mining is presented for detecting network intrusion. According to this method, user's behavior patterns are mined from IP packets, and used to build user's behavior rules base automatically. By comparing similarity, the new method can be used to detect known and unknown network attacks in real time. The user's behavior patterns mining algorithm IDSPADE is described in detail, which is the most important part of DMIDS. The experimental results indicate that this algorithm is efficient enough to meet the needs of active detect novel intrusion. Compared with most existing systems by using the pure knowledge engineering approaches, the algorithm is more intelligent and adaptive. |
| |
| Keywords: | network intrusion detection behavior patterns mining computer information security |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
