Abstract
Intrusion detection is an indispensable part of computer network security, and anomaly detection is a hot research topic in this field. Among existing detection methods, SVM can maintain good detection performance under small-sample conditions. However, detection with a single SVM still has limitations such as a low detection rate and an excessively high false positive rate. Combining D-S evidence theory, this paper proposes an anomaly detection method based on multi-SVM fusion, which effectively compensates for the limitations of single-SVM detection. Evaluation experiments on the KDD99 evaluation data show that the method effectively improves the intrusion detection rate while reducing the false positive rate, greatly improving the detection performance of the intrusion detection system.
Source
Computer Engineering and Applications (《计算机工程与应用》)
CSCD
2012, Issue 4, pp. 87-90, 178 (5 pages in total)
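Funding
Cultivation Fund for Major Projects of the Science and Technology Innovation Program for Higher Education Institutions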