CAJ | 학술논문

网络入侵检测是信息安全重要的研究问题.近年来,这方面的研究取得了很多很好的成果,但大部分方法面临检测率不高的特点.基于异常的入侵检测通常是人为选择网络连接属性,这些属性在正常和异常时具有比较明显的区别,以此来判断未知的网络连接正常与否.该方法具有一定的随机性,从而影响检测率.首先提出一种基于正常网络连接序列内在规则的属性选择算法,实现属性选择的自动化,并同时将多维序列压缩到一维序列;其次使用序列挖掘的方法训练网络连接得到正常规则库,然后利用正常网络连接规则库判断新的网络连接是否正常;最后,在KDD99数据集上进行试验,结果显示,算法检测率较高.
망락입침검측시신식안전중요적연구문제.근년래,저방면적연구취득료흔다흔호적성과,단대부분방법면림검측솔불고적특점.기우이상적입침검측통상시인위선택망락련접속성,저사속성재정상화이상시구유비교명현적구별,이차래판단미지적망락련접정상여부.해방법구유일정적수궤성,종이영향검측솔.수선제출일충기우정상망락련접서렬내재규칙적속성선택산법,실현속성선택적자동화,병동시장다유서렬압축도일유서렬;기차사용서렬알굴적방법훈련망락련접득도정상규칙고,연후이용정상망락련접규칙고판단신적망락련접시부정상;최후,재KDD99수거집상진행시험,결과현시,산법검측솔교고.
Network intrusion detection is an important aspect of information security.Many good results in this aspect have been obtained in recent years.Most of them face the problem of low detection rate.The network connection's attributes which have the character of obvious distinction between normal and abnormal are often chosen by experts to judge whether the new network connections are normal.This method has some randomness which affects the detection rate.A method which aims to choose attributes based on the inherent law of normal network connections is proposed.The attributes can be chosen such that the high dimensional data can be transformed to one dimension automatically.The method of sequence data mining is used to find the rules of normal network connections.The new network connections can be detected by these rules.An experiment has been done on the datum of KDD99.The result indicates that the method of this paper has high detection rate.