Conference: International Conference on Networking and Mobile Computing

Applying Mining Fuzzy Association Rules to Intrusion Detection Based on Sequences of System Calls


Abstract

Intrusion detection is an important technique for computer and information systems. S. Forrest and coworkers showed that short sequences of system calls are good signature descriptions for anomalous intrusion detection. This paper extends their work by applying fuzzy association rule mining to intrusion detection. After giving a primary classification of system calls based on threat level, together with its classification identifier numbers, we generate a series of short sequences from sendmail trace data and transform them into fuzzy expressions. Then we extract the Most Dangerous Sequences Database (MDSD) from the fuzzy expression data, according to a specific threshold. On the MDSD, we apply fuzzy association rule mining to detect whether each sequence is "normal" or "abnormal". The prototype experimental results demonstrate that the proposed method gives enough ability for intrusion detection.
