【作者】 史瑞昌；

【导师】 彭新光；

【作者基本信息】 太原理工大学 ， 计算机应用科学与技术， 2003， 硕士

【摘要】 入侵检测是通过对系统审计数据进行检测分析来发现入侵企图并采取相应保护措施的一种技术，是保护计算机和网络安全的重要防线。 当前在入侵检测系统模型构造中采用的技术有很多种，其中，将数据挖掘(DM)技术应用到入侵检测系统模型构造中是实现模型构造的系统化、自动化，克服手工编码或过多依赖专家经验的一种有效方法。 但是，目前通用的数据挖掘算法在应用到入侵检测领域时，会存在不适合入侵检测的特殊环境的问题。 本文研究了在入侵检测领域广泛应用的挖掘算法——规则归纳分类算法。在大量的入侵检测环境下的数据上应用RIPPER分类算法的结果显示，这一传统分类算法强大的归纳能力对于入侵检测环境下反例缺乏(我们提供的审计数据不可能函概所有的入侵类型)的数据集不能很好地适应。本文在RIPPER算法的基础上，进行了适太原理工大学硕士研究生毕业论文应入侵检测环境的改造，提出了多级贪婪祸合规则归纳算法。 通过在多组人造及实际数据集上同RIPPER算法的对比实验，证明该算法对于反例缺乏的数据集，在没有明显影响算法的速度的前提下，仍然具有较强的归纳能力。更多还原

【Abstract】 Intrusion Detection, which tries to detect attempts to penetrate into a system is now an important fort to protect computer systems.There are many techniques applied in the construction of intrusion detection systems. Of them, data mining is an efficient one to construct an intrusion detection system systematically and automatically, avoiding of manual and ad hoc means.However, current data mining algorithm can’t completely adapt to the particular requirements in intrusion detection fields.Rule induction algorithm, a mining algorithm widely used in intrusion detection fields, is researched in this thesis. By applying RIPPER algorithm to a great lot data sets in intrusion detection fields, we found that the inductive ability of this traditional classification algorithm could be greatly damaged by the lack of negative examples in training data sets. Given the prevalence of lack of negative examples (which cover some intrusion types) in the auditdata we can offer, this limitation was almost lethal. Based on RIPPER, some modification was proposed to adapt the intrusion detection environment, resulting in the multi-greedy and coupling (MGC) rule induction learning algorithm.Tests on a few man-made and real data sets showed that, without greatly affecting its computational efficiency, the new algorithm have better generalization performance over RIPPER algorithm on data sets lack of negative examples.更多还原