
Computer Engineering ›› 2007, Vol. 33 ›› Issue (04): 137-139. doi: 10.3969/j.issn.1000-3428.2007.04.047

• Security Technology •

Research on Intrusion Detection for B/S Information System

XIE Lixia1, YANG Hongyu2,3

  (1. School of Computer Science, Civil Aviation University of China, Tianjin 300300; 2. Software Research Center, Civil Aviation University of China, Tianjin 300300; 3. Tianjin Key Lab for Advanced Signal Processing, Civil Aviation University of China, Tianjin 300300)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2007-02-20 Published: 2007-02-20

Abstract: An intrusion detection model against attacks on B/S data service systems is presented. The model consists of two layers: layer one analyzes security-relevant data from different sources and generates pre-alarm conditions; layer two processes the pre-alarm data and makes the final decision on whether to raise an alarm. A tree topology is introduced to model normal server-side behavior, and historical profiles are generated from different security-related data. Anomalous behavior among operations is detected through ordered merging and Apriori verification based on the general sequential pattern (GSP). The experimental results show that the model integrates alarm conditions with alarm contents and has a high intrusion detection ratio.

Key words: Intrusion detection, Profile, Mergence, Verification, General sequential pattern (GSP)