弱关联规则下的联合数据库入侵检测方法研究
发布时间:2019-02-14 23:32
【摘要】:联合数据库的入侵和普通入侵不同,其无显著的行为特征,入侵数据属性差异较大,很难形成统一的约束规范,导致传统的入侵检测方法,由于通过提取入侵行为特征进行入侵检测,无法有效且准确地完成联合数据库的入侵检测,提出一种弱关联规则下的联合数据库入侵检测方法,通过弱关联模式在联合数据库中支持程度与联合数据库记录总量的比求出弱关联模式的支持度,获取频繁弱关联模式集,采用改进的双置信度算法对频繁弱关联模式集的置信度进行计算,获取弱关联规则,依据弱关联规则,通过原始联合数据库对分类超平面进行计算,采用该超平面完成联合数据库的整体分类,采用主成分分析方法对联合数据库中的操作数据进行降维处理,通过差异分类方法,对联合数据库中的操作数据特征进行分类操作,实现弱关联规则下联合数据库的有效入侵检测。实验表明,所提方法具有很高的准确性及有效性。
[Abstract]:The intrusion of federated database is different from that of common intrusion, it has no significant behavior characteristics, and the attribute of intrusion data is different, so it is difficult to form a unified constraint standard, which leads to the traditional intrusion detection method. Because intrusion detection can not be done effectively and accurately by extracting intrusion behavior features, a joint database intrusion detection method based on weak association rules is proposed. Based on the ratio of the degree of support of the weak association schema in the joint database to the total record volume of the joint database, the support degree of the weak association pattern is obtained, and the frequent weak association pattern set is obtained. The improved double confidence algorithm is used to calculate the confidence of frequent and weak association pattern sets, and the weak association rules are obtained. According to the weak association rules, the classification hyperplane is calculated by the original joint database. The hyperplane is used to complete the whole classification of the joint database, the principal component analysis (PCA) method is used to reduce the dimension of the operation data in the joint database, and the operational data characteristics in the joint database are classified by the differential classification method. The effective intrusion detection of federated database under weak association rules is realized. Experiments show that the proposed method is accurate and effective.
【作者单位】: 琼州学院电子信息工程学院;
【基金】:琼州学院校级青年科学基金项目:(QYQN201338)
【分类号】:TP311.13;TP393.08
[Abstract]:The intrusion of federated database is different from that of common intrusion, it has no significant behavior characteristics, and the attribute of intrusion data is different, so it is difficult to form a unified constraint standard, which leads to the traditional intrusion detection method. Because intrusion detection can not be done effectively and accurately by extracting intrusion behavior features, a joint database intrusion detection method based on weak association rules is proposed. Based on the ratio of the degree of support of the weak association schema in the joint database to the total record volume of the joint database, the support degree of the weak association pattern is obtained, and the frequent weak association pattern set is obtained. The improved double confidence algorithm is used to calculate the confidence of frequent and weak association pattern sets, and the weak association rules are obtained. According to the weak association rules, the classification hyperplane is calculated by the original joint database. The hyperplane is used to complete the whole classification of the joint database, the principal component analysis (PCA) method is used to reduce the dimension of the operation data in the joint database, and the operational data characteristics in the joint database are classified by the differential classification method. The effective intrusion detection of federated database under weak association rules is realized. Experiments show that the proposed method is accurate and effective.
【作者单位】: 琼州学院电子信息工程学院;
【基金】:琼州学院校级青年科学基金项目:(QYQN201338)
【分类号】:TP311.13;TP393.08
【参考文献】
相关期刊论文 前2条
1 陶树平,屠颖;关联规则和分类规则挖掘算法的改进与实现[J];计算机工程;2003年15期
2 张新有;曾华q,
本文编号:2422719
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2422719.html
