Computer Engineering and Applications ›› 2013, Vol. 49 ›› Issue (18): 69-72.

• Network, Communication and Security •

Application and realization of improved data mining algorithm in intrusion detection system

ZHAO Yanjun¹, WEI Mingjun²

  1. College of Science, Hebei United University, Tangshan, Hebei 063009, China
  2. College of Information Engineering, Hebei United University, Tangshan, Hebei 063009, China
  • Online: 2013-09-15 Published: 2013-09-13

Abstract: Existing detection mechanisms cannot handle unknown attack behavior, have a high false negative rate and low detection efficiency, and lack a mechanism for automatically extending the rule base. To address these problems, this paper draws on data mining techniques to design an improved network intrusion detection system model based on data mining, combining misuse detection and anomaly detection. The model selects the K-means algorithm from clustering analysis and the Apriori algorithm from association rule mining, and improves both. The improved K-means algorithm is used to implement the normal behavior class and data separation module, and the improved Apriori algorithm is used to implement automatic extension of the rule base. Experiments verify the function of the two algorithms.

Key words: data mining, intrusion detection, improvement, K-means algorithm, Apriori algorithm