 |
|
|
|
 |
 |
 |
|
 |
|
 |
|
|
| 李洋,方滨兴,郭莉,陈友.基于直推式方法的网络异常检测方法.软件学报,2007,18(10):2595-2604 |
| 基于直推式方法的网络异常检测方法 |
| A Network Anomaly Detection Method Based on Transduction Scheme |
| 投稿时间:2006-10-10 修订日期:2007-01-23 |
| DOI: |
| 中文关键词: 网络安全 异常检测 奇异值 直推式信度机 TCM-KNN算法 |
| 英文关键词:network security anomaly detection strangeness TCM (transductive confidence machines) TCM-KNN (transductive confidence machines for K-nearest neighbors) algorithm |
| 基金项目:Supported by the National Natural Science Foundation of China under Grant No.60573134 (国家自然科学基金); the National Information Security 242 Project of China under Grant No.2005C39 (国家242信息安全计划项目) |
| 作者 | 单位 | | 李洋 | 中国科学院,计算技术研究所,北京,100080
中国科学院,研究生院,北京,100049 | | 方滨兴 | 中国科学院,计算技术研究所,北京,100080 | | 郭莉 | 中国科学院,计算技术研究所,北京,100080 | | 陈友 | 中国科学院,计算技术研究所,北京,100080
中国科学院,研究生院,北京,100049 |
|
| 摘要点击次数: 3521 |
| 全文下载次数: 3873 |
| 中文摘要: |
| 网络异常检测技术是入侵检测领域研究的热点和难点内容,目前仍然存在着误报率较高、对建立检测模型的数据要求过高、在复杂的网络环境中由于"噪音"的影响而导致检测率不高等问题.基于改进的TCM-KNN(transductive confidence machines for K-nearest neighbors)置信度机器学习算法,提出了一种网络异常检测的新方法,能够在高置信度的情况下,使用训练的正常样本有效地对异常进行检测.通过大量基于著名的KDD Cup 1999数据集的实验,表明其相对于传统的异常检测方法在保证较高检测率的前提下,有效地降低了误报率.另外,在训练集有少量"噪音"数据干扰的情况下,其仍能保证较高的检测性能;并且在采用"小样本"训练集以及为了避免"维灾难"而进行特征选取等优化处理后,其性能没有明显的削减. |
| 英文摘要: |
| Network anomaly detection has been an active and difficult research topic in the field of intrusion detection for many years. Up to now,high false alarm rate,requirement of high quality data for modeling the normal patterns and the deterioration of detection rate because of some "noisy" data in the training set still make it not perform as well as expected in practice. This paper presents a novel network anomaly detection method based on improved TCM-KNN (transductive confidence machines for K-nearest neighbors) machine learning algorithm,which can effectively detect anomalies using normal data for training. A series of experiments on well known KDD Cup 1999 dataset demonstrate that it has lower false positive rate,especially higher confidence under the condition of ensuring high detection rate than the traditional anomaly detection methods. In addition,even provided with training dataset contaminated by "noisy" data,the proposed method still holds good detection performance. Furthermore,it can be optimized without obvious loss of detection performance by adopting small dataset for training and employing feature selection aiming at avoiding the "curse of dimensionality". |
|
HTML 下载PDF全文 查看/发表评论 下载PDF阅读器 |
|
|
|
|
|
|
 |
|
|
|
|
 |
|
 |
|
 |
|
