This research applies data mining algorithms for event sequences and specific time-intervals to provide a precise method for identifying regular patterns of network intrusion behavior. In order to maintain network security, common intrusion detection systems have to monitor all traffic in the network environment. However, most traditional detection methods generate too many intrusion alerts, which forces network administrators to conduct numerous investigations of suspicious incidents to determine how likely each is to be intrusion behavior. To solve this problem, this research combines specific time-interval clustering analysis of online users' behaviors with sequential pattern analysis to find intrusion behavior patterns more effectively. The resulting sequential patterns of intrusion events list the ordered relationships among all intrusion-related events. In addition, all possible time-intervals between events are analyzed and clustered, which identifies the frequent time-intervals between intrusion events more exactly than previous research. With these results, network administrators can more precisely identify the event types of network attacks, the order in which they are likely to occur, and their timing, which lets them monitor and maintain network security with less time and effort.
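The following is an added illustration, not the paper's algorithm or code: it restricts the sequential patterns described above to ordered pairs of events and swaps in a simple gap-based one-dimensional clustering for the time-intervals. The event names, sample sessions, `min_support` and `max_step` are all constructed assumptions.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample data: per-source alert sequences as (seconds, event) pairs.
SESSIONS = {
    "src-a": [(0, "port_scan"), (60, "ssh_bruteforce"), (65, "login_success")],
    "src-b": [(10, "port_scan"), (72, "ssh_bruteforce"), (80, "login_success")],
    "src-c": [(5, "port_scan"), (3605, "ssh_bruteforce")],
    "src-d": [(0, "port_scan"), (3590, "ssh_bruteforce"), (3600, "login_success")],
    "src-e": [(0, "ping_sweep"), (30, "port_scan")],
}

def pair_gaps(sessions):
    """Collect, per ordered event pair (a, b), the a->b gap seen in each session."""
    gaps = defaultdict(list)
    for events in sessions.values():
        seen = set()
        for (t1, a), (t2, b) in combinations(sorted(events), 2):
            if a != b and (a, b) not in seen:  # count each pair once per session
                seen.add((a, b))
                gaps[(a, b)].append(t2 - t1)
    return gaps

def cluster_gaps(values, max_step):
    """Sorted gaps stay in one cluster while neighbours differ by <= max_step."""
    clusters = []
    for v in sorted(values):
        if clusters and v - clusters[-1][-1] <= max_step:
            clusters[-1].append(v)
        else:
            clusters.append([v])
    return clusters

def frequent_timed_pairs(sessions, min_support=2, max_step=30):
    """Return {(a, b): [(low, high, support), ...]} for clusters with enough support."""
    rules = {}
    for pair, values in pair_gaps(sessions).items():
        kept = [(c[0], c[-1], len(c)) for c in cluster_gaps(values, max_step)
                if len(c) >= min_support]
        if kept:
            rules[pair] = kept
    return rules

if __name__ == "__main__":
    for (a, b), intervals in sorted(frequent_timed_pairs(SESSIONS).items()):
        for low, high, support in intervals:
            print(f"{a} -> {b} within {low}-{high}s (support {support})")
```

On the sample data the pair port_scan -> ssh_bruteforce yields two separate frequent intervals (about one minute and about one hour), a distinction that an order-only sequential pattern would collapse into a single rule.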