基于增量决策树的快速IDS研究与实现

计算机工程与应用 ›› 2008, Vol. 44 ›› Issue (7): 141-143.

基于增量决策树的快速IDS研究与实现

刘波¹,梁活民^1,2

1.华南师范大学计算机学院，广州 510631
2.茂名学院信息与网络中心，广东茂名 525000

收稿日期:2007-06-22 修回日期:2007-09-03 出版日期:2008-03-01 发布日期:2008-03-01
通讯作者: 刘波

Study and implementation of fast IDS based on algorithm of increment decision-making tree

LIU Bo¹,LIANG Huo-min^1,2

1.School of Computer，South China Normal University，Guangzhou 510631，China
2.Information and Network Center，Maoming College，Maoming，Guangdong 525000，China

Received:2007-06-22 Revised:2007-09-03 Online:2008-03-01 Published:2008-03-01
Contact: LIU Bo

摘要/Abstract

摘要： 随着攻击的日益增多和高速网络的普及，对IDS的性能要求也日益提高，Kruegel将ID3决策树引入到入侵检测系统中，有效地提高了入侵检测的速度，但该方法在增加规则时需要完全重建决策树，而且占用内存过大，对于要求实时性的应用场合并不适合。引入基于增量学习的ID5R决策树算法，并对规则属性处理方式进行优化，在保证检测速度的同时解决了实时增加规则和占用内存过大的问题。

Abstract: With increase of cyber attack incident and popularization of high speed network，the performance of IDS must be improved.Kruegel applied the ID3 algorithm based on decision-making tree to IDS，which can effectively improve the processing speed of intrusion detection.However，with this method a new decision-making tree must be built each time when rules are appended.Furthermore，it requires too much memory.So it is unfit for real-time applications.In this paper the author introduces the ID5R decision-making tree algorithm based on increment learning and optimize processing of rule attributes to overcome the problems.

刘波¹,梁活民^1,2. 基于增量决策树的快速IDS研究与实现[J]. 计算机工程与应用, 2008, 44(7): 141-143.

LIU Bo¹,LIANG Huo-min^1,2. Study and implementation of fast IDS based on algorithm of increment decision-making tree[J]. Computer Engineering and Applications, 2008, 44(7): 141-143.