【摘要】 介绍了基于模型推理和基于模型两种入侵检测系统,提出了一种新的基于智能体技术的入侵检测系统体系结构,解决了传统集中式入侵检测系统的弊病,将任务处理和数据分布到网络各个结点上,充分利用网络资源协同完成入侵检测任务;介绍了遗传算法在该系统中的应用,因系统安全的先验知识体现在对原始数据中有价值特征属性变量集的选择上,故利用遗传算法对特征属性变量子集的选择进行优化,找到相对最优的由特征向量表示的特征属性变量集,以降低入侵检测系统的负荷。更多还原

【Abstract】 This paper introduces the model discursion-based intrusion detection system and the model-based intrusion detection system and presents a new kind of IDS based on agent, by which IDS distributes data and task to the nodes in the networks. Thus IDS can make best use of compute capability and resources of the networks, which covers the shortage of conventional centralized intrusion detection approach. Importantly, the genetic algorithm applied to the IDS is introduced in detail. In allusion to the apriori knowledge of system security always embodying as the selection of the useful subset of attributes in original data, this IDS uses the genetic algorithms to optimize the feature subset selection and to find the relative optimal subset of attributes expressed by feature vector. The IDS uses data mining algorithms to abstract key features of system runtime status from security audit data, and it uses genetic algorithm to select the feature subset to reduce the amount of data that must be obtained from running processes and classified.更多还原