Journal of Nanjing University of Aeronautics and Astronautics (English Edition), 2005, Vol. 22, Issue 3: 247-251, 5.
INTERNET INTRUSION DETECTION MODEL BASED ON FUZZY DATA MINING
Abstract
An intrusion detection (ID) model is proposed based on the fuzzy data mining method. A major difficulty of anomaly ID is that patterns of normal behavior change with time. In addition, an actual intrusion with a small deviation may match normal patterns, so the intrusion behavior cannot be detected by the detection system. To solve the problem, a fuzzy data mining technique is utilized to extract patterns representing the normal behavior of a network. A set of fuzzy association rules mined from the network data is presented as a model of "normal behaviors". To detect anomalous behaviors, fuzzy association rules are generated from new audit data, and their similarity with the sets mined from "normal" data is computed. If the similarity values are lower than a threshold value, an alarm is given. Furthermore, genetic algorithms are used to adjust the fuzzy membership functions and to select an appropriate set of features.
Key words
intrusion detection/data mining/fuzzy logic/genetic algorithm/anomaly detection
Classification
Information technology and security science
Cite this article
CHEN Huiping, WANG Jiandong, YE Feiyue, WANG Yu. Internet intrusion detection model based on fuzzy data mining[J]. Journal of Nanjing University of Aeronautics and Astronautics (English Edition), 2005, 22(3): 247-251, 5.
Funding
Supported by the National Basic Research "973" Program of China (G1999032701).