COMPUTER ENGINEERING AND APPLICATIONS
2013, Issue 18, pp. 69-72, 115 (5 pages)
Keywords: data mining; intrusion detection; improved; K-means algorithm; Apriori algorithm
To address the problems of existing detection mechanisms, namely their powerlessness against unknown attack behavior, high false negative rate, low detection efficiency, and lack of a mechanism for automatically extending the rule base, this paper draws on the relevant knowledge of data mining technology to design an improved network intrusion detection system model based on data mining, combining misuse detection and anomaly detection. The model selects the K-means algorithm from clustering analysis and the Apriori algorithm from association rule mining, and improves both. The improved K-means algorithm is used to implement the normal behavior classes and data separation module, and the improved Apriori algorithm is used to implement automatic extension of the rule base. Experiments verify the function of the two algorithms.