Abstract
Building on an analysis of existing intrusion detection methods, and aiming to reduce the false detection rate and the missed detection rate of intrusion detection systems while improving real-time performance, this paper proposes a new detection method: an adaptive intrusion detection algorithm based on a new conditional entropy. Drawing on information theory, the algorithm first discretizes the collected data using information entropy. It then analyzes the discretized data, removes redundant attributes with a knowledge reduction method based on the new conditional entropy, and generates detection rules, which are then used to analyze intrusion data. Experimental results show that, compared with intrusion detection algorithms based on BP neural networks and support vector machines, the proposed algorithm effectively improves the detection rate of the intrusion detection system and reduces the false detection rate. The detection rate improves by about 7%, and the algorithm can provide effective intrusion detection service for information systems.
Source
Computer Technology and Development (《计算机技术与发展》), 2011, No. 8, pp. 237-240 (4 pages)
Funding
Research project of the Civil Aviation Administration of China (MHRD200924)
Keywords
new conditional entropy
discretization
intrusion detection
knowledge reduction