随着以太网的快速发展,基于网络的攻击方式越来越多,传统的入侵检测系统越来越难以应付;将数据挖掘技术引入到入侵检测系统中来,分析网络中各种行为记录中潜在的攻击信息,自动辨别出网络入侵的模式,从而提高系统的检测效率;将K- MEANS算法及DBSCAN算法相综合,应用到入侵检测系统,并针对K- MEANS算法的一些不足进行了改进,提出了通过信息嫡理论的使用解决K- MEANS算法选择初始簇中心问题,然后利用其分类结果完善DBSCAN算法两个关键参数(Eps,Minpts)的设置,通过DB-SCAN算法,进一步地分析可疑的异常聚类,提高聚类的准确度.%With the rapid development of Ethernet, network-based attacks more and more, traditional intrusion detection systems become increasingly difficult to cope. This article introduces data mining techniques to intrusion detection system to automatically analyze the network behavior in a variety of potential attacks recorded information, identify network intrusion model, thus improving the detection efficiency. In the data mining algorithm, this paper, the current most widely used algorithms DBSCAN and K-MEANS, and the K -MEANS algorithm is improved, the K- MEANS algorithm and DBSCAN algorithm integration is applied to the intrusion detection system. Universal Detection record set by the anomaly detection experiment show that the design of intrusion detection algorithm has a very high efficiency and accuracy.
展开▼
