Since most current intrusion detection systems (IDSs) are built by manually encoding expert knowledge, updating them is very slow and expensive. Frequent patterns mined from audit data can evidently be used as reliable intrusion detection models. To address this problem, this paper proposes a fast and efficient parallel algorithm that extracts an extensive set of features describing each network connection and learns frequent patterns that accurately capture the behavior of intrusions and normal activities, which makes model construction and incremental updates simple and easy.