The main idea of this approach is to apply data mining methods to pre-processed audit data containing network connection information, in order to extract rules that distinguish normal activity from intrusions.
To improve the real-time performance of security auditing, a typical set method is introduced to compress the database of normal behaviour signatures.
Auditors should take care, however, because their behaviour can affect the attitude of the person being interviewed, and an insensitive approach can lead to an uncooperative and defensive reaction.