Intrusion detection is one of the hot topics in computer security research. This paper presents an intrusion detection method based on tree augmented naive Bayes (TAN, also abbreviated TANB). The method builds on the traditional naive Bayes (NB) and Bayesian network (BN) approaches, combining the computational simplicity of the former with the latter's ability to represent correlations between attributes. We also propose using gain ratio for network feature selection to further improve detection performance. Intrusion detection experiments on the DARPA data, compared against traditional methods, show that the proposed method performs well and achieves high detection rates for all types of intrusion.
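The gain-ratio feature selection mentioned above can be illustrated with a short added example; it is not code from the paper, and the records, the KDD-style feature names and the `rank_features` helper are constructed assumptions. It ranks features by information gain divided by split information and handles the constant-feature case where split information is zero.

```python
import math
from collections import Counter

def entropy(values):
    """Shannon entropy in bits of a sequence of discrete values."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def gain_ratio(column, labels):
    """Information gain of a feature about the class, over its split information."""
    groups = {}
    for value, label in zip(column, labels):
        groups.setdefault(value, []).append(label)
    n = len(labels)
    conditional = sum(len(g) / n * entropy(g) for g in groups.values())
    gain = entropy(labels) - conditional
    split_info = entropy(column)
    # A constant feature has zero split information and no signal: score it 0.
    return gain / split_info if split_info > 0 else 0.0

def rank_features(rows, names, labels):
    """Return (feature, gain ratio) pairs, best first."""
    columns = zip(*rows)
    scores = [(name, gain_ratio(col, labels)) for name, col in zip(names, columns)]
    return sorted(scores, key=lambda item: item[1], reverse=True)

# Constructed records (not DARPA data); feature names are assumed, KDD-style.
FEATURES = ["protocol_type", "flag", "land", "src_port"]
ROWS = [
    ("tcp",  "SF",  "0", "40001"),
    ("tcp",  "SF",  "0", "40002"),
    ("udp",  "SF",  "0", "40003"),
    ("udp",  "SF",  "0", "40004"),
    ("tcp",  "S0",  "0", "40005"),
    ("tcp",  "S0",  "0", "40006"),
    ("tcp",  "REJ", "0", "40007"),
    ("icmp", "SF",  "0", "40008"),
]
LABELS = ["normal"] * 4 + ["attack"] * 4

if __name__ == "__main__":
    for name, score in rank_features(ROWS, FEATURES, LABELS):
        print(f"{name:14s} {score:.4f}")
```

On these records plain information gain would rank the unique-per-record `src_port` first (gain of 1 bit), while gain ratio penalises its high cardinality and places `flag` ahead of it.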