摘要
入侵检测实质上是分类问题,即将正常数据同入侵行为分开。在本文中,提出一种双层入侵检测算法,算法的一层是基于Boosting的入侵检测算法,二层是SVM算法。KDDCUP99数据集用于实验中,结果表明,基于这种结构的双层入侵检测算法分类精度和泛化能力都好于单个神经网络和常用神经网络集成方法。
Intrusion detection can be essentially regarded as a classification problem, namely, distinguishing normal profiles.from intrusive behaviors. In this paper, an approach to network intrusion detection with a two -layered architecture is proposed, which is a algorithm based on boosting in the first level and SVM in the second level. KDD CUP99 data set is used in these experiments to demonstrate that the classification accuracy and the generalization ability of bi - level intrusion detection algorithm with the architecture is better than that of the single neural network and commonly - used neural network ensemble methods.
出处
《微计算机应用》
2010年第6期20-24,共5页
Microcomputer Applications
基金
国家自然科学基金项目(60675030)资助
关键词
入侵检测
集成学习
弱分类器
支持向量机
Intrusion detection, ensemble learning, weak classifier, SVM