摘要： 针对网络入侵检测系统面临的检测规则更新问题，提出一种解决方法，用粗糙集层次决策表表示系统的入侵检测规则，利用其增量学习算法完成新规则的学习。仿真实验结果表明，与仅用决策表规则的系统相比，使用层次决策表表示规则的系统所用的训练时间更短，漏报率低，对于Probe和R2L&U2R入侵具有更好的检测效果。

关键词: 网络入侵检测, 粗糙集, 决策表, 规则更新, 增量学习算法

Abstract: Because there are rule update problems in network intrusion detection system whose rules are represented with rough decision table, this article presents representing the rules with hierarchies decision tables and making use of incremental learning algorithm to learn the new rules. Experimental results are carried out based on a set of benchmark DARPA data. It is observed that network intrusion detection system with hierarchies decision tables has a shorter training time, relatively low false negative rate and high accurate results for Probe and R2L&U2R attacks in comparison with that one only with rough decision table.

Key words: network intrusion detection, rough set, decision table, rules update, incremental learning algorithm

中图分类号: 

• N945