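CHEN Hang1,2a, TAO Jun2a,2b, ZHANG Jiande1
(1. School of Computer, Nanjing Institute of Technology, Nanjing 211167, Jiangsu, China; 2. Southeast University, a. Key Laboratory of Computer Network and Information Integration of Ministry of Education, b. School of Computer Science and Engineering, Nanjing 211189, Jiangsu, China)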
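Abstract: The complexity and dynamic variation of network behavior introduce a large amount of interfering information into intrusion detection data, so the false alarm rate and missed alarm rate of intrusion detection are high. The variable precision rough set strengthens the anti-interference capability of the rough set model and is suited to analyzing uncertain data sets. The variable precision rough set is used to give a formal description of the intrusion detection system and to build an intrusion detection information system and an intrusion detection model. A β parameter adjustment algorithm is designed; the training data set is discretized, the information system is reduced, an intrusion detection rule base is then generated, and intrusion detection is performed according to the rule base. Simulation experiments show that the method has good detection performance, can adapt to the dynamic variation of network behavior, and can detect potential attack behavior.
Key words: intrusion detection; variable precision rough set; parameter threshold modification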
CLC number: TP 393
Document code: A
Intrusion Detection Research Based on Variable Precision Rough Set
CHEN Hang1,2, TAO Jun2,3, ZHANG Jiande1
(1. School of Computer, Nanjing Institute of Technology, Nanjing 211167, China; 2. a. Key Laboratory of Computer Network and Information Integration of Ministry of Education, b. School of Computer Science and Engineering, Southeast University, Nanjing 211189, China)
Abstract: Intrusion detection data contain a lot of disturbance information because of the complexity and dynamic variability of network behavior, which leads to a very high false alarm rate and missed alarm rate. The variable precision rough set enhances the anti-interference ability of the rough set and is suitable for analyzing uncertain data sets. The variable precision rough set was used to describe the intrusion detection system formally and to build an intrusion detection information system and an intrusion detection model. A β parameter modification algorithm was designed; the intrusion detection rule base was generated after the training data set was discretized and the information system was reduced, and intrusion detection was then executed according to that rule base. Simulation experiments show that this method has good performance, can adapt to the dynamic variability of network behavior, and can detect potential malicious behaviors.
Key words: intrusion detection; variable precision rough set; parameter threshold modification
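Received: 2013-05-23
Funding: Natural Science Foundation of Jiangsu Province (BK2010414); Nanjing Institute of Technology Scientific Research Start-up Fund for Introduced Talents (YKJ201109).
About the author: CHEN Hang (born 1980), male, Ph.D.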
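The abstract's claim that a variable precision rough set tolerates noisy records where the classical rough set does not can be seen in a small added example (not code from the paper). It assumes β in (0.5, 1] is the minimum inclusion degree, uses constructed, already-discretized records with hypothetical attribute names, and does not reproduce the paper's β adjustment algorithm.

```python
from collections import defaultdict

# Constructed sample data: (protocol, duration_bin, failed_logins_bin) -> label
RECORDS = [
    (("tcp", "short", "high"), "attack"),
    (("tcp", "short", "high"), "attack"),
    (("tcp", "short", "high"), "attack"),
    (("tcp", "short", "high"), "attack"),
    (("tcp", "short", "high"), "normal"),  # noisy record in an attack class
    (("tcp", "long", "low"), "normal"),
    (("tcp", "long", "low"), "normal"),
    (("udp", "short", "low"), "normal"),
    (("udp", "short", "low"), "attack"),   # genuinely ambiguous class
]

def equivalence_classes(records):
    """Group decision labels by identical condition-attribute values."""
    classes = defaultdict(list)
    for cond, label in records:
        classes[cond].append(label)
    return classes

def beta_lower_approximation(records, label, beta):
    """Condition classes whose share of `label` is >= beta.

    Assumption: beta in (0.5, 1] is the inclusion threshold; beta = 1
    reduces to the classical rough-set lower approximation.
    """
    if not 0.5 < beta <= 1.0:
        raise ValueError("beta must be in (0.5, 1]")
    approx = {}
    for cond, labels in equivalence_classes(records).items():
        degree = labels.count(label) / len(labels)
        if degree >= beta:
            approx[cond] = degree
    return approx

def build_rule_base(records, beta):
    """One rule per condition class that falls in some beta-lower approximation."""
    rules = {}
    for label in {lab for _, lab in records}:
        for cond in beta_lower_approximation(records, label, beta):
            rules[cond] = label  # beta > 0.5 means at most one label per class
    return rules

def detect(rules, cond):
    """Classify a discretized record; unmatched records are left undecided."""
    return rules.get(cond, "unknown")
```

With β = 1 the single noisy record removes the attack class from the lower approximation, so no attack rule is generated; with β = 0.8 the rule is kept, while the evenly split class stays undecided under both settings.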