To improve the intelligence and detection accuracy of intrusion detection system,the application of the Apriori algorithm of association rules in intrusion detection system is put forward,and two improvements are made for the traditional al?gorithm. The dynamic pruning technology is used to judge the candidate item which does not conform to the requirements of the candidate in advance,so as to reduce the database scan times. reverse back ideas are adopted to find the maximum frequent set,and then get all the frequent sets according to the maximum frequent set. In the intrusion detection system,the improved al?gorithm is used to train intrusion rules,and then detect captured network data packets on the basis of misuse detection technolo?gy. The experimental results show that the improved algorithm can achieve a higher detection rate,and its execution efficiency is increased by more than 30% in comparison with traditional algorithms in the same data size.%为了提高入侵检测系统的智能性和检测准确性,提出将关联规则的Apriori算法应用于入侵检测系统,并对传统算法做出两点改进:利用动态剪枝技术,提前判断出不符合要求的候选项,以减少数据库扫描次数;使用逆向回推思想,先找出最大频繁集,再由此得出所有频繁集。在自构建的入侵检测系统中,运用改进的算法先训练出入侵规则,而后基于滥用检测技术,用其检测捕获到的网络数据包。实验结果表明,改进后的算法能够达到比较高的检测率,而且相同数据规模下,执行效率较传统算法提高30%以上。
展开▼
