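Abstract
Based on an analysis of existing intrusion detection techniques and systems in China and abroad, this paper proposes a real-time pattern extraction algorithm based on a temporal knowledge model and a variable sliding window, and on that basis implements a rule-based, hierarchical intelligent intrusion detection prototype system (RIDES). Experimental results show that the system not only detects network intrusions quickly, but also has a degree of learning ability and can adapt to different network application environments.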
Based on an analysis of existing methods and systems, this paper presents a real-time intrusion detection expert system (RIDES). RIDES uses a new layered structure that can easily handle huge amounts of data. To detect intrusions effectively in real time, a pattern extraction algorithm based on a temporal knowledge model and a variable sliding time window is provided. The proposed temporal knowledge model takes the time factor into account, which helps in extracting temporal knowledge. To demonstrate the validity of the algorithm, RIDES was developed on the Linux operating system and tested in a real network environment. The experimental results show that the system can detect and report a variety of intrusions and that the algorithm is viable. The system can be easily integrated into network security products.
Source
《计算机学报》
EI
CSCD
Peking University Core Journal
2003, Issue 11, pp. 1591-1597 (7 pages)
Chinese Journal of Computers
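Funding
Supported by the National Natural Science Foundation of China (60132030, 69983005)
and the Doctoral Program Foundation of the Ministry of Education of China (RFDP 1999048602)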