Naids is the first data mining based anomaly detection system , the first intrusion detection system which lower false positive rate by classification engineering , the first intrusion detection system which put forward sliding windows techniques to carry out incremental , on - line mining Naids是第一个基于数据挖掘方法的异常检测系统,是第一个通过分类引擎来降低误报率的入侵检测系统,是第一个提出滑动窗口技术实施在线增量式挖掘的入侵检测系统。
The thesis intruduce the program ( 99085 ) and the model that author have done in the program . in this work report here , the main contribution of the thesis is the network performance learning based intrusion detection model . this model done well in detecting the new attack and can work in the new network enviroment 该模型针对ddos , eml等新型攻击方式具有很高的侦测率,而且该模型克服了特征检测无法检测新入侵的缺点,同时通过引入遗传算法在一定程度上消除了异常检测误报率过高的缺点。
In addition , the paper studies the drawbacks of the existing network invasion detecting system and concludes that the basic reason why the users are not satisfied with them is that it is hard to reduce both the misinformation rate and the rate of failing to report simultaneously . then , it presents that attack defending system and invasion analyzing system are the two key orientations for the development of invasion detecting system , and also analyzes and explores their corresponding technological requirements 文中对当前网络入侵检测系统的不足进行了深入的分析,认为误报率和漏报率难以同时降低是导致用户对其不满的根本原因,指出:攻击防护系统和入侵分析系统将是入侵检测系统发展的两个主要方向,并对相应的技术要求进行了分析和探讨。
This paper presents an approach which applies data mining technique to improving alarm accuracy . we realized some of these ideas in nisdetector . our test showed that it is a good schema in solving the problem of false negative or false positive , and reduces the volume of alarm message 作者在分析研究各种检测技术的基础上提出了利用数据融合技术提高报警准确性、减少报警量和误报率的观点,并以nisdetector为平台通过综合分析网络和主机报警信息在此方面进行了一些有价值的试验,取得了一些进展。
Subsequently , weighted association rules algorithm is given in order to solve the problem of improving detection rate but increasing false positive rate when association rules are applied to the detection system . the method can to some extent improve detection rate of the intrusion detection system , confine the produce of uninteresting rules , and decrease false 为了解决将关联规则算法应用于入侵检测系统提高系统检测率的同时也增加系统误报率的问题,论文把加权关联规则算法应用于入侵检测系统,此方法能在一定程度上提高了入侵检测的检测率也限制了无趣规则的产生,并降低了误报率。
Ids has been fast developing since it ' s put forward . but intrusion detection technology is now wandering with the universal application of high - speed network , the appear of new attack methods like distributed denial of service attack , and the low efficiency and high false positive of today ' s idss 但是,由于高速网络和交换式网络的普遍应用,以分布式拒绝服务攻击为代表的新型攻击方式的出现和发展,以及现有入侵检测系统效率低下、误报率和漏报率较高的问题无法得到有效解决等问题,目前入侵检测技术正处于发展的关键时期。
Subsequently , it in the paper gives weighted association rules algorithm in order to solve the problem of improving detection rate but increasing false positive rate when association rules are applied to the detection system . the method can to some extent improve detection rate of the intrusion detection system , confine the produce of uninteresting rules , and decrease false positive rate 首先我研究了关联规则的各种实用算法及其改进算法,之后为了解决将关联规则算法应用于入侵检测系统提高系统检测率的同时也增加系统误报率的问题,论文给出加权关联规则详细的算法说明,并将此方法应用于入侵检测。
In the fourth section of the thesis , the method that constructing statistical features based - on time for connection records and using these features to construct classification models were studied in detail . in order to improve the accuracy of classification model and decrease the rate of false positive , some factors that may have bad influence on accuracy of classification model were analyzed and the method of selecting appropriate set of features was also provided 论文的第四部分,详细研究了使用网络连接记录的基本特征属性构建基于时间的统计特征属性方法,通过选择适当的特征属性集来提高异常检测模型的分类精度,降低误报率;同时分析了影响检测模型分类精度的因素;对不同实验条件下得到的实验结果进行了比较和分析。
Due to the some normal ids ' s low efficiency , high error report rate , bad self - security , this thesis has given out a new - type hybrid intrusion detection system ( hsids ) design with high efficiently , good self - security , combining the distrubited information gathering with the centralized managerment , and combining the nid and the hid . the detailed design scheme also has been presented . the hsids adopts the " black hole " hidden setting , greatly decreasing the posiblity for hacker to discover and attack the hsids 在hsids中,采用“黑洞”式隐形设置,可以大大减少hsids系统被黑客发现并攻击的可能;系统采用的将nid与hid相结合的方式可降低入侵信息的漏报与误报率;改进的检测算法提高了检测引擎的速度;采用开放的检测规则方便了系统的升级,提升了检测能力; web方式的安全管理可以很好地控制整个监控网络的安全情况;被动防御与主动防御相结合更有效的防止了入侵者对系统的入侵。
This tool is aim to test the technology of evading ids by utilizing the weaken of network layer and the transmission layer . and then we test the snort by using the tester and the hacker tool , from the result we find a critical problem faced by a network intrusion detection system ( nids ) is that of ambiguity is the main reason that producing the make false positive and false negative 通过该工具与第三方黑客软件? fragroute相结合,对入侵检测系统软件- - snort进行测试,从结果的分析中得知网络入侵检测体系所面临的语义模糊性问题是造成漏报率和误报率很高的一个主要原因,入侵者就可能利用这一漏洞逃过nids的检测或者引起检测系统的误警。
