| This work is based on National 863 High Tech Program--Large-scale Intrusion Detection and Stratagem Pre-alerting Technology. Intrusion Detection techniques fall into two general categories: signature recognition and anomaly detection, both of which should be based on certain rules or features. With the rapid development of Internet, the network flux is becoming greater. Thus, the automation of the extraction of rules and features is becoming important. Consequently, our research presents an approach to do this, which analyzes the data packets with one or more intrusion behaviors by means of Rough-Set Theory with clustering analysis. On the basis of the rules and features achieved by this approach, specialists can draw useful conclusions from it.We analyze the data set with Roush-Set Theory and determine the most important parts of it so that it decreases the time and storage, and reduces the rules and features which can be more suitable for real-time intrusion detection. In order to decrease the amount of information analyzed and the error of classification, we utilize the feature selection. Systemic Clustering also be adopted so as to deeply processing the data in all kinds of aspects.At last, we illustrate the whole experiment, system realization and system framework. The result proves that the techniques presented above can extract rules and features automatically and efficiently.
|
PDF Full Text Request