中文摘要：

利用机器学习算法，如SVM、神经网络等，进行入侵检测已取得很大进展，但检测结果难于理解的问题已影响到这些检测算法的广泛使用．文章在对已知的关联算法进行比较分析的基础上，提出了一种针对入侵检测结果的实时规则在线生成方法，以提高对检测结果的理解，降低入侵所带来的损失．在定义局部支持度、全局可信度、CI—Tree和IX—Tree树结构的基础上，设计了直接产生仅与当前发生的攻击相关的规则集的规则生成算法．该方法解决了当前主流关联规则生成算法应用到入侵检测结果集的过程中所存在的多遍扫描（至少两遍）、攻击数据的非均衡分布所带来的大量无效规则的产生和两阶段规则生成方法使得在第一阶段产生了众多与最后生成的规则集无关的频繁集等问题．经过实验表明，文中所提出的方法在规则生成和时间效率方面都显示出了良好的性能．

英文摘要：

Progress has been made in using machine learning techniques such as SVM and neural networks for intrusion detection, but the non-understandable detection results have prevented those algorithms from being thoroughly utilized. In this paper, the authors put forward a novel huge-data oriented method, which was based on the popular association rules extraction algorithm and targeted at the result of intrusion detection, to build real-time rules for enhancing the understanding of detection results and therefore decrease possible loss. The algorithm, by introducing local support, global confidence, CI-Tree and IX-Tree structure, employed these tree structures to build online rules for currently active intrusion. This algorithm solved a number of problems that exist in applying association rules algorithm to intrusion detection. （1）multi-scan （twice at least）; （2）mass useless rules due to unbalanced distribution of attacking data; （3）unwanted frequent set produced in the old two-phase rule-building method. Experimental results have demonstrated the method＇s good performance in both rule building efficacy and time efficiency.