计算机工程与应用
計算機工程與應用
계산궤공정여응용
COMPUTER ENGINEERING AND APPLICATIONS
2010年
5期
89-92,153
,共5页
赵欣%叶茂%朱莺嘤%郑凯元
趙訢%葉茂%硃鶯嚶%鄭凱元
조흔%협무%주앵앵%정개원
入侵检测%序列挖掘%网络安全%KDD99
入侵檢測%序列挖掘%網絡安全%KDD99
입침검측%서렬알굴%망락안전%KDD99
intrusion detection%sequence data mining%network security%KDD99
网络入侵检测是信息安全重要的研究问题.近年来,这方面的研究取得了很多很好的成果,但大部分方法面临检测率不高的特点.基于异常的入侵检测通常是人为选择网络连接属性,这些属性在正常和异常时具有比较明显的区别,以此来判断未知的网络连接正常与否.该方法具有一定的随机性,从而影响检测率.首先提出一种基于正常网络连接序列内在规则的属性选择算法,实现属性选择的自动化,并同时将多维序列压缩到一维序列;其次使用序列挖掘的方法训练网络连接得到正常规则库,然后利用正常网络连接规则库判断新的网络连接是否正常;最后,在KDD99数据集上进行试验,结果显示,算法检测率较高.
網絡入侵檢測是信息安全重要的研究問題.近年來,這方麵的研究取得瞭很多很好的成果,但大部分方法麵臨檢測率不高的特點.基于異常的入侵檢測通常是人為選擇網絡連接屬性,這些屬性在正常和異常時具有比較明顯的區彆,以此來判斷未知的網絡連接正常與否.該方法具有一定的隨機性,從而影響檢測率.首先提齣一種基于正常網絡連接序列內在規則的屬性選擇算法,實現屬性選擇的自動化,併同時將多維序列壓縮到一維序列;其次使用序列挖掘的方法訓練網絡連接得到正常規則庫,然後利用正常網絡連接規則庫判斷新的網絡連接是否正常;最後,在KDD99數據集上進行試驗,結果顯示,算法檢測率較高.
망락입침검측시신식안전중요적연구문제.근년래,저방면적연구취득료흔다흔호적성과,단대부분방법면림검측솔불고적특점.기우이상적입침검측통상시인위선택망락련접속성,저사속성재정상화이상시구유비교명현적구별,이차래판단미지적망락련접정상여부.해방법구유일정적수궤성,종이영향검측솔.수선제출일충기우정상망락련접서렬내재규칙적속성선택산법,실현속성선택적자동화,병동시장다유서렬압축도일유서렬;기차사용서렬알굴적방법훈련망락련접득도정상규칙고,연후이용정상망락련접규칙고판단신적망락련접시부정상;최후,재KDD99수거집상진행시험,결과현시,산법검측솔교고.
Network intrusion detection is an important aspect of information security.Many good results in this aspect have been obtained in recent years.Most of them face the problem of low detection rate.The network connection's attributes which have the character of obvious distinction between normal and abnormal are often chosen by experts to judge whether the new network connections are normal.This method has some randomness which affects the detection rate.A method which aims to choose attributes based on the inherent law of normal network connections is proposed.The attributes can be chosen such that the high dimensional data can be transformed to one dimension automatically.The method of sequence data mining is used to find the rules of normal network connections.The new network connections can be detected by these rules.An experiment has been done on the datum of KDD99.The result indicates that the method of this paper has high detection rate.