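To improve the accuracy and speed of intrusion detection, and in view of the correlation among the attributes of intrusion rules, this paper combines the mutual information between attributes and classes with the mutual information among attributes, and proposes a new hybrid mutual-information decision tree classification algorithm. After the algorithm is designed and analyzed, the decision tree classification method built with it is used to organize the intrusion rules, replacing the traditional rule-by-rule serial detection; at the cost of increased preprocessing time, it improves the speed and accuracy of packet filtering. Experimental analysis shows that an intrusion detection system applying this algorithm achieves higher accuracy and speed than one using traditional methods.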
Traditional intrusion detection systems (IDS) not only have high rates of false positives and false negatives as intrusions grow more complex, but also lack effectiveness on very large test data because of their simple structure. Therefore, based on the relationships among the attributes of intrusion rules, this paper presents a new classification algorithm to improve the speed and accuracy of intrusion detection. For each node, it selects the attribute with more information gain but with less mutual information between that attribute and the attributes of all the upper nodes. This method avoids selecting redundant attributes and achieves a reduction in entropy. After the algorithm is designed and analyzed, it is applied to the rules to form a decision tree, which replaces the conventional sequential matching of packets against the rules and improves the matching speed at the cost of preprocessing time. The result of an experiment shows that an intrusion detection system using the proposed algorithm works more efficiently than one using the conventional method or an ID3 decision tree.
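The selection criterion described above, sketched as an added example (not the paper's code). The abstract does not give the exact scoring formula, so the subtractive score (information gain minus mean mutual information with the attributes already chosen above), the level-wise ordering over the full rule set, and all names and sample rows here are assumptions.

```python
from collections import Counter
from math import log2

def entropy(values):
    n = len(values)
    return -sum(c / n * log2(c / n) for c in Counter(values).values())

def mutual_info(xs, ys):
    # I(X;Y) = H(X) + H(Y) - H(X,Y)
    return entropy(xs) + entropy(ys) - entropy(list(zip(xs, ys)))

def column(rows, name):
    return [r[name] for r in rows]

def hybrid_score(rows, attr, used, label="cls"):
    # Information gain of attr equals I(attr; class) on a fixed rule set.
    gain = mutual_info(column(rows, attr), column(rows, label))
    if not used:
        return gain
    # Assumed penalty: mean mutual information with attributes of upper nodes.
    redundancy = sum(mutual_info(column(rows, attr), column(rows, u))
                     for u in used) / len(used)
    return gain - redundancy

def order_attributes(rows, attrs, hybrid=True):
    """Greedy attribute order for tree levels; hybrid=False ranks by gain alone."""
    remaining, used = list(attrs), []
    while remaining:
        best = max(remaining,
                   key=lambda a: hybrid_score(rows, a, used if hybrid else []))
        used.append(best)
        remaining.remove(best)
    return used

# Constructed sample rules: service mostly mirrors dport (redundant),
# while flags is independent of dport but less informative on its own.
ATTRS = ["dport", "service", "flags"]
SAMPLE = [dict(zip(ATTRS + ["cls"], r)) for r in [
    (80, "http", "S", "sqli"), (80, "http", "S", "sqli"),
    (80, "http", "PA", "xss"), (80, "http", "S", "xss"),
    (22, "ssh", "S", "brute"), (22, "ssh", "S", "brute"),
    (22, "ssh", "PA", "tunnel"), (22, "http", "S", "tunnel"),
]]

if __name__ == "__main__":
    print("gain only:", order_attributes(SAMPLE, ATTRS, hybrid=False))
    print("hybrid   :", order_attributes(SAMPLE, ATTRS))
```

On this sample, ranking by gain alone places `service` directly under `dport`, while the hybrid score demotes it because most of what it says is already carried by `dport`.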