Research into efficient association rule mining algorithms is of great importance for improving the accuracy and timeliness of intrusion detection. The normal and abnormal patterns built by current intrusion detection methods are not sufficiently accurate or complete, which easily leads to false alarms or missed alarms. To address this problem, this paper applies XARM, an improved association rule mining algorithm, and SFUP, an incremental association rule updating algorithm, to network intrusion detection and proposes a new intrusion detection method. The method builds normal behavior models of the system and its users, as well as intrusion behavior models, by mining frequent itemsets in training audit data.