Computer Engineering and Applications ›› 2008, Vol. 44 ›› Issue (7): 141-143.

• Network, Communication and Security •

Study and implementation of fast IDS based on algorithm of increment decision-making tree

LIU Bo1, LIANG Huo-min1,2

  1. School of Computer, South China Normal University, Guangzhou 510631, China
  2. Information and Network Center, Maoming College, Maoming, Guangdong 525000, China
  • Received: 2007-06-22 Revised: 2007-09-03 Online: 2008-03-01 Published: 2008-03-01
  • Contact: LIU Bo

Abstract: With the growing number of attacks and the spread of high-speed networks, the performance demands on IDS keep rising. Kruegel introduced the ID3 decision tree into intrusion detection systems, which effectively improved the speed of intrusion detection. However, that method must completely rebuild the decision tree whenever rules are added, and it uses too much memory, so it is unsuitable for applications that require real-time operation. This paper introduces the ID5R decision tree algorithm, which is based on incremental learning, and optimizes the processing of rule attributes, solving the problems of adding rules in real time and of excessive memory use while maintaining detection speed.