摘要
提出了一种结合模糊决策与贝叶斯方法的异常检测模型,该模型将系统中与安全相关的事件进行分类,并以模糊隶属度函数的形式给出各类事件发生异常的实时置信度。异常检测系统综合某时刻所有实时概率取值,做出贝叶斯决策。同简单使用阈值方法的贝叶斯入侵检测模型相比,采用了模糊概率赋值的贝叶斯异常检测模型,在提高对问题描述的精确性同时,由于它对多种类型安全相关事件提供支持而具有更好的适应性,可以更全面地对更复杂的系统行为进行建模。
To enhance the intrusion detection system with more accuracy and less false positive rate while still providing acceptable performance and adaptability, a Bayesian anomaly intrusion detection system using fuzzy probability assignment is presented in the paper. After categorizing the security related system events and properties into four models, which are represented by their corresponding fuzzy membership functions, the real- time probability of a specific security event will be calculated as according to the fuzzy membership function of the model it belongs to and a decision whether the supervised system is in a abnormal state is thus made from the synthesized probabilities of all these registered security events. Two separate algorithms, namely simple probability algorithm and Bayesian belief network algorithm, are provided in combining with the real-time fuzzy probabilities calculated. Simulations with a group of fine tuned coefficients prove the effectiveness of the two algorithms. Compared with previous work that employs the simple threshold methods in judging security related system events, the fuzzy approach suggested describes the probabilities of security events more accurately through utilizing the continuous fuzzy probability model and scales better as well for modeling various kinds of security related system properties in normal system behavior profiling.
出处
《中国工程科学》
2007年第6期58-63,共6页
Strategic Study of CAE
基金
国家自然科学基金资助项目(60273035)
