本文提出一种基于数据挖掘的入侵检测模型,其主要思想是利用数据挖掘的方法,从经预处理的包含网络连接信息的

审计数据中提取能够区分正常和入侵的规则,并用来检测入侵行为。对Apriori 算法中求频繁集时扫描数据库I/O 负载惊人

的问题提出了一种改进办法。为验证该算法的可行性,文章最后实现了该入侵检测模型的知识库中正常连接规则的挖掘。实

验表明该模型能提取特征生成新规则,并证明了方法的可行性和有效性。-In this paper an intrusion detection system based on data mining is proposed, and its main idea is to apply data mining

methods to learn rules that can capture normal and intrusion activities from pre- processed audit data that contain network connection

information. Put forward a method to improve the Apriori algorithm, whose I/O is quite surprising when scanning the database.

To improve the method is feasible　the normal rules in the knowledge database in IDS are mined. And the experiment indicates that

the model can produce new rules, which approve the validity and the feasibility of the IDS.