Abstract
This paper exploits the distinctive flow characteristics that attacks exhibit in network communication and proposes a semi-supervised classification method that can accommodate both known and unknown attacks. To train the classifier, it uses Sequential Forward Selection (SFS) to obtain the best feature subset and proposes a weighted sampling technique to obtain the training flows. Performance evaluation on KDD CUP 1999 data shows that high flow and byte classification accuracy can be achieved.
Source
Computer Engineering (《计算机工程》)
CAS
CSCD
Peking University Core Journals
2009, Issue 12, pp. 90-91, 94 (3 pages)
Funding
National Natural Science Foundation of China (60773013)
Keywords
network traffic classification
semi-supervised learning
Fuzzy C-Means (FCM)
intrusion detection