Abstract
Intrusion detection systems have long been recognized as a necessary component of a multilayered security architecture. Anomaly detection compares current program behavior against a profile of normal behavior built in advance and treats any significant deviation from it as an intrusion; it can therefore identify previously unknown types of intrusion and has a high detection rate. Traditional detection methods report the result simply as true or false and, owing to a variety of factors, produce false positives and false negatives. By characterizing the degree to which a network action may be an attack as a continuous variable, and analyzing the relationship between the confidence of the detection rules and that degree, we provide a confidence-based anomaly detection model that uses the confidence of a detection rule to judge the likelihood that a network action is an attack.
Source
Computer Simulation (《计算机仿真》)
CSCD
2005, Issue 1, pp. 167-169 (3 pages)
Funding
Natural Science Foundation of Jinan University (2003023)
Keywords
Anomaly detection
Association rule
Sequential pattern mining
Confidence