• Journal of the China Computer Federation
  • China Science and Technology Core Journal
  • Chinese Core Journal

J4 ›› 2006, Vol. 28 ›› Issue (2): 28-30.


Research on a Misuse Intrusion Detection System Framework Based on Sequential Pattern Mining

宋世杰[1] 胡华平[2] 周嘉伟[2] 金士尧[2]   

  • Online: 2006-02-01   Published: 2010-05-20


Abstract (translated from the Chinese original):

This paper proposes a misuse intrusion detection system framework based on sequential pattern mining. It overcomes the limitation of Wenke Lee's approach, which uses the frequent episode algorithm at the network layer to analyse intrusion behavior statistically. The system targets application-layer attacks and can recognize the order in which the steps of an attack occur; it is a behavior analysis technique built on top of protocol analysis. Experiments show that the system describes attacks more accurately and can detect attacks in which a feature appears only once.

Keywords: data mining, frequent episode, sequential pattern, behavior analysis

Abstract:

This paper presents a framework for a misuse IDS based on sequential pattern mining. The system can distinguish the order of attack behaviors at the application layer, which makes it a behavior analysis technique built on protocol analysis, and it overcomes the limitation of Wenke Lee's method, which performs statistical analysis of intrusion behaviors at the network layer with the frequent episode algorithm. Experiments indicate that the IDS describes attacks more accurately and can detect attacks whose features appear only once.

Key words: data mining, frequent episode, sequential pattern, behavior analysis
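The abstract's central claim is that an ordered pattern of application-layer events works as a misuse signature even when each event occurs only once, which a frequency-threshold rule cannot do. The following Python sketch is an added illustration of that idea, not code or data from the paper: the session data, event labels, function names and the support threshold are all constructed for the example. It mines ordered subsequences that are common to several attack sessions and absent from normal ones, then matches them against a new session in order, and contrasts that with a count-based rule.

```python
from collections import Counter
from itertools import combinations

# Constructed sample data (not from the paper): each session is the ordered list
# of application-layer event labels a protocol analyser produced for one client.
ATTACK_SESSIONS = [
    ["GET /", "DIR_TRAVERSAL", "GET /etc/passwd", "CMD_EXEC"],
    ["GET /login", "DIR_TRAVERSAL", "GET /etc/passwd", "GET /", "CMD_EXEC"],
    ["DIR_TRAVERSAL", "GET /etc/passwd", "CMD_EXEC"],
]
NORMAL_SESSIONS = [
    ["GET /", "GET /login", "POST /login", "GET /home"],
    ["GET /", "GET /home"],
]


def ordered_subsequences(session, length):
    """All length-`length` subsequences of a session, order preserved, gaps allowed."""
    return {tuple(session[i] for i in idx)
            for idx in combinations(range(len(session)), length)}


def mine_sequential_patterns(sessions, length, min_support):
    """Ordered patterns that occur in at least `min_support` distinct sessions.

    Support is counted once per session, so a pattern repeated inside a single
    session does not inflate its count: this is a session-level sequential
    pattern, not an event-frequency episode.
    """
    support = Counter()
    for session in sessions:
        support.update(ordered_subsequences(session, length))
    return {p for p, c in support.items() if c >= min_support}


def discriminative_signatures(attack, normal, length, min_support):
    """Patterns frequent across attack sessions that never occur in normal ones."""
    candidates = mine_sequential_patterns(attack, length, min_support)
    benign = mine_sequential_patterns(normal, length, 1)
    return candidates - benign


def contains_in_order(session, pattern):
    """True if every event of `pattern` appears in `session` in that order.

    One occurrence of each event is enough: the match is about sequence,
    not about how often an event recurs.
    """
    events = iter(session)  # shared iterator, so later events must follow earlier ones
    return all(any(ev == wanted for ev in events) for wanted in pattern)


def detect(session, signatures):
    """Return the signatures matched by one session, in a stable order."""
    return sorted(sig for sig in signatures if contains_in_order(session, sig))


def count_threshold_alert(session, event, min_count):
    """A frequency-style rule for contrast: fires only if `event` recurs."""
    return session.count(event) >= min_count


if __name__ == "__main__":
    sigs = discriminative_signatures(ATTACK_SESSIONS, NORMAL_SESSIONS, 3, 2)
    print("mined signatures:", sigs)
    probe = ["GET /", "DIR_TRAVERSAL", "GET /etc/passwd", "CMD_EXEC"]
    print("in-order match:", detect(probe, sigs))
    print("count rule (>=2 DIR_TRAVERSAL):",
          count_threshold_alert(probe, "DIR_TRAVERSAL", 2))
    print("reversed order:", detect(list(reversed(probe)), sigs))
```

On the constructed data the miner keeps only the three-step pattern shared by all attack sessions; a session containing those steps once, in order, is flagged, the same steps in reverse order are not, and a rule that waits for DIR_TRAVERSAL to recur never fires on the single-occurrence session.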