Computer Engineering and Applications ›› 2010, Vol. 46 ›› Issue (5): 89-92.DOI: 10.3778/j.issn.1002-8331.2010.05.027

• 网络、通信、安全 • Previous Articles     Next Articles

Novel network intrusion detection algorithm based on sequence data mining

ZHAO Xin,YE Mao,ZHU Ying-ying,ZHENG Kai-yuan   

  1. School of Computer Science and Engineering,University of Electronic Science and Technology of China,Chengdu 610054,China
  • Received:2008-08-25 Revised:2008-10-28 Online:2010-02-11 Published:2010-02-11
  • Contact: ZHAO Xin

一种基于序列挖掘的网络入侵检测新方法

赵 欣,叶 茂,朱莺嘤,郑凯元   

  1. 电子科技大学 计算机学院,成都 610054
  • 通讯作者: 赵 欣

Abstract: Network intrusion detection is an important aspect of information security.Many good results in this aspect have been obtained in recent years.Most of them face the problem of low detection rate.The network connection’s attributes which have the character of obvious distinction between normal and abnormal are often chosen by experts to judge whether the new network connections are normal.This method has some randomness which affects the detection rate.A method which aims to choose attributes based on the inherent law of normal network connections is proposed.The attributes can be chosen such that the high dimensional data can be transformed to one dimension automatically.The method of sequence data mining is used to find the rules of normal network connections.The new network connections can be detected by these rules.An experiment has been done on the datum of KDD99.The result indicates that the method of this paper has high detection rate.

Key words: intrusion detection, sequence data mining, network security, KDD99

摘要: 网络入侵检测是信息安全重要的研究问题。近年来,这方面的研究取得了很多很好的成果,但大部分方法面临检测率不高的特点。基于异常的入侵检测通常是人为选择网络连接属性,这些属性在正常和异常时具有比较明显的区别,以此来判断未知的网络连接正常与否。该方法具有一定的随机性,从而影响检测率。首先提出一种基于正常网络连接序列内在规则的属性选择算法,实现属性选择的自动化,并同时将多维序列压缩到一维序列;其次使用序列挖掘的方法训练网络连接得到正常规则库,然后利用正常网络连接规则库判断新的网络连接是否正常;最后,在KDD99数据集上进行试验,结果显示,算法检测率较高。

关键词: 入侵检测, 序列挖掘, 网络安全, KDD99

CLC Number: