Journal of Changsha University of Science and Technology: Natural Science
2011, No. 4, pp. 86-91 (6 pages)
rule miner; intrusion detection system; fuzzy logic; data mining
A novel rule miner method is proposed for the Snort network-based intrusion detection system (NIDS). The method is intended to help Snort automatically generate misuse detection rules from the attack data it has already detected, giving it the ability to detect the latest and anomalous attacks on its own. To provide this capability, a rule miner module is designed that applies data mining techniques to extract new attack rules from the collected attack packets and converts the resulting patterns into Snort's detection rule format for on-line intrusion detection. Experimental results on the KDD-99 dataset show that the proposed method is suitable for real-time rule mining and outperforms other classifier methods, providing the highest detection accuracy for intrusion attacks and a low false-alarm rate for normal network traffic.