{"title":"An efficient framework for intrusion detection based on data mining","authors":"Weidong Li, Kejun Zhang, Boqun Li, Bingru Yang","doi":"10.1109/CIMA.2005.1662306","journal":{"name":"2005 ICSC Congress on Computational Intelligence Methods and Applications","volume":"73 1","pages":"0"},"publicationDate":"2005-12-15","publicationTypes":"Journal Article","isOpenAccess":false,"citationCount":"4","platform":"Semanticscholar","ListUrlMain":"https://doi.org/10.1109/CIMA.2005.1662306"}
An efficient framework for intrusion detection based on data mining
A multi-layer intrusion detection framework is proposed in this paper. Compared to the traditional system, the framework has sources from all aspects of the host computer and network, and calculates the connecting volume for each active connection, so only the suspicious connections are analyzed; more than 80% of packets are normal and don't need processing, and the influence on system speed is very little. All the information of the host computer is combined into a union, and the properties are expanded and enhanced for the data mining engine, so the mining process is efficient and accurate. Fuzzy mining can also be used in intrusion detection and rule set comparison. The framework provides abilities of detection, reporting and response. Experimental results show the rapidness and accuracy of the proposed framework.