随着恶意入侵计算机现象的日益严重,准确检测入侵的需求应运而生。虽然基于专家系统的入侵检测方法检测准确度很高,但专家知识的获取和规则的动态更新是两大难点。该文提出将第一级认知系统(CS-1)应用于基于专家系统的入侵检测。CS-1采用桶队算法解决了规则评价和规则竞争问题,利用遗传算法不仅去除了降低检测效率的规则,而且取代由遗传算法生成的更强的规则子集。文中对专家系统规则到CS-1分类器的转换及分类器的检测方法进行了实例说明,实验结果体现了该方法的有效性和检测的高效性。 With the increasingly serious phenomenon of malicious invasion of the computer, the need to accurately detect intrusion came into being. Although the detection accuracy of expert system-based intrusion detection methods is high, the acquisition of expert knowledge and the dynamic update of rules are two major difficulties. This paper proposes to apply the first-level cognitive system (CS-1) to expert system-based intrusion detection. CS-1 adopts the bucket algorithm to solve the problem of rule evaluation and rule competition. The genetic algorithm not only eliminates the rule of reducing detection efficiency, but also replaces the stronger rule subset generated by genetic algorithm. In this paper, the transformation from expert system rules to CS-1 classifiers and the detection methods of classifiers are illustrated. The experimental results show the effectiveness of the method and the efficiency of detection.