The ids of the paper is network - based anomaly detection system . with the help of data mining technology , we bring forward a measure to describe the normal state of the network traffic and user behavior and extracting the useful rule from large network data . so we can establish the knowledge warehouse which describe the normal state of the network traffic and user behavior . the knowledge warehouse can be the standard in order to judge the normal state . we can find the dubitable connections according to account the state and anomly instances of connections 论文在描述网络应用和用户行为时采用数据挖掘技术从海量的网络数据中提取有用的规则,构建了一个描述正常状态下的网络应用和用户行为的规则集,这个规则集是用来判断网络应用和用户行为是否正常的标准,论文根据这个标准分析当前网络连接的异常情况,将可疑的连接找出来。
