J4 ›› 2006, Vol. 28 ›› Issue (2): 28-30.
• 论文 • 上一篇 下一篇
宋世杰[1] 胡华平[2] 周嘉伟[2] 金士尧[2]
出版日期:
发布日期:
Online:
Published:
摘要:
本文提出一种基于序列模式挖掘的误用入侵检测系统框架,克服了Wenke Lee在网络层使用频繁片断算法对入侵行为进行统计分析的局限性。该系统针对应用层攻击,能够识别攻击行为的先后次序,是一种在协议分析基础上的行为分析技术。实验表明,该系统能更准确地描述攻击,可以检测出只包含一次特征的攻击。
关键词: 数据挖掘 频繁片段 序列模式 行为分析
Abstract:
This paper presents a framework of misuse IDS based on sequential pattern mining. The system can distinguish the order of attack behaviors at the application layer, which belongs to the behavior analysis technique based on protocol analysis, and overcome the limitation of Wenke Lee's method, which peerforms statistical analysis against intrusion be haviors at the network layer with the frequent episode algorithm. Experiments indicate that the IDS de scribes attacks more accurately, and it can detect those attacks whose features appear only once.
Key words: data mining, frequent episode, sequential pattern, behavior analysis
宋世杰[1] 胡华平[2] 周嘉伟[2] 金士尧[2]. 基于序列模式挖掘的误用入侵检测系统框架研究[J]. J4, 2006, 28(2): 28-30.
0 / / 推荐
导出引用管理器 EndNote|Ris|BibTeX
链接本文: http://joces.nudt.edu.cn/CN/
http://joces.nudt.edu.cn/CN/Y2006/V28/I2/28