信息安全研究 (Journal of Information Security Research) ›› 2017, Vol. 3 ›› Issue (9): 810-816.

• Academic Papers •

Network Intrusion Detection Method Based on Data Mining (基于数据挖掘的网络入侵检测方法)

王鲁华 (Wang Luhua)

  1. National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC, 国家计算机应急技术处理协调中心)
  • Received: 2017-09-07  Online: 2017-09-15  Published: 2017-09-06
  • Corresponding author: 王鲁华
  • Author biography: Master's degree; main research interests are data mining and information security.

Abstract: With the rapid development of computer and Internet technology, network security problems have become increasingly important and severe. Bro (since renamed Zeek), currently the mainstream platform for dynamic intrusion detection, performs real-time detection and alerting on high-speed networks; it follows a layered design, is highly extensible, and provides the Bro scripting language together with a rich set of analysis functions with which the event engine and the policy (rule) engine are defined. ELK is the collection of the Elasticsearch, Logstash and Kibana tools; it is used here to record and analyze large volumes of malicious network data, and data mining techniques are then applied to the behaviour and patterns of that data in order to give early warning of, and defend against, new or variant malicious traffic.

Keywords: information security, data mining, intrusion detection, association prediction
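The pipeline the abstract describes (Bro writing connection logs, Logstash shipping them into Elasticsearch, mining run over the stored records) is illustrated below by an added Python example; it is not code from the paper. It parses Bro's tab-separated conn.log format using the `#fields` header, extracts per-source-host features, applies a simple port-scan rule, and emits one JSON document per alert in the shape Logstash would forward to Elasticsearch. The log lines are constructed for the example, the column subset of conn.log is trimmed, and the thresholds and the set of "failed" `conn_state` values are assumptions a deployment would tune.

```python
"""Feature extraction and a port-scan rule over Bro conn.log records (added example)."""
import json
from collections import defaultdict

# --- Constructed Bro conn.log sample (not a real capture) ---------------------
# Bro writes real headers like these; the #fields line is the column layout.
# Assumption: only a subset of conn.log's columns is kept here. The parser is
# driven by #fields, so the full column set would parse the same way.
_HEADER = [
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tconn",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice"
    "\tduration\torig_bytes\tresp_bytes\tconn_state\thistory",
]


def _row(ts, uid, oh, op, rh, rp, proto, svc, dur, ob, rb, state, hist):
    return "\t".join(str(v) for v in (ts, uid, oh, op, rh, rp, proto, svc, dur, ob, rb, state, hist))


_NORMAL = [
    _row(1504800000.0, "CZ1a", "10.0.0.5", 51000, "10.0.0.9", 22, "tcp", "ssh", 12.5, 2048, 4096, "SF", "ShADadFf"),
    _row(1504800001.0, "CZ1b", "10.0.0.5", 51001, "10.0.0.9", 443, "tcp", "ssl", 0.8, 900, 12000, "SF", "ShADadFf"),
    _row(1504800002.0, "CZ1c", "10.0.0.6", 40000, "10.0.0.9", 80, "tcp", "http", 0.3, 400, 8000, "SF", "ShADadFf"),
    # one unanswered SYN from an otherwise normal host: must not be flagged
    _row(1504800003.0, "CZ1d", "10.0.0.6", 40001, "10.0.0.9", 22, "tcp", "-", 0.0, 0, 0, "S0", "S"),
]
# A scanner probing ports 20..34 on one host: SYN sent, nothing answered (S0).
_SCAN = [
    _row(1504800010.0 + i * 0.01, f"CS{i:02d}", "192.168.1.77", 60000 + i, "10.0.0.9",
         20 + i, "tcp", "-", 0.0, 0, 0, "S0", "S")
    for i in range(15)
]
SAMPLE_CONN_LOG = "\n".join(_HEADER + _NORMAL + _SCAN) + "\n"

# conn_state values in which no handshake completed (assumed "failed" set):
# S0 = SYN with no reply, REJ = SYN rejected, RSTOS0 = SYN then RST from originator.
FAILED_STATES = {"S0", "REJ", "RSTOS0"}


def parse_conn_log(text):
    """Parse Bro's tab-separated conn.log into dicts keyed by the #fields names."""
    fields = None
    records = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#fields\t"):
                fields = line.split("\t")[1:]
            continue  # #separator, #types, #close and the like carry no records
        if fields is None:
            raise ValueError("data row before #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError(f"column count mismatch: {line!r}")
        records.append(dict(zip(fields, values)))
    return records


def host_features(records):
    """Aggregate per-source-host features the scan rule (or a classifier) can use."""
    feats = defaultdict(lambda: {"conns": 0, "failed": 0, "resp_ports": set(), "resp_hosts": set()})
    for r in records:
        f = feats[r["id.orig_h"]]
        f["conns"] += 1
        f["failed"] += r["conn_state"] in FAILED_STATES
        f["resp_ports"].add(int(r["id.resp_p"]))
        f["resp_hosts"].add(r["id.resp_h"])
    return feats


def detect_scanners(records, min_ports=10, min_failed_ratio=0.8):
    """Flag hosts touching many distinct ports with mostly failed connections (thresholds assumed)."""
    alerts = []
    for host, f in host_features(records).items():
        failed_ratio = f["failed"] / f["conns"]
        if len(f["resp_ports"]) >= min_ports and failed_ratio >= min_failed_ratio:
            alerts.append({
                "orig_h": host,
                "distinct_resp_ports": len(f["resp_ports"]),
                "failed_ratio": round(failed_ratio, 2),
                "targets": sorted(f["resp_hosts"]),
                "note": "vertical port scan",
            })
    return alerts


def to_json_lines(alerts):
    """One JSON document per line, the form Logstash's json_lines codec ingests."""
    return "\n".join(json.dumps(a, sort_keys=True) for a in alerts)


if __name__ == "__main__":
    print(to_json_lines(detect_scanners(parse_conn_log(SAMPLE_CONN_LOG))))
```

The rule deliberately keys on `conn_state` rather than on byte counts: a SYN scan leaves S0 records with zero bytes in both directions, so a byte-volume threshold alone would miss it, while the single unanswered SYN from 10.0.0.6 stays below the distinct-port threshold and is not reported.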
