摘要
通过对网络攻击类型和入侵检测方法的研究,发现常用的入侵检测方法不能很好地检测U2R和R2L两类攻击。为解决异常检测中对于U2R和R2L两类攻击检测率低的问题,提出了一种基于支持向量机和贝叶斯分类的异常检测模型,该模型利用BIRCH聚类算法减少训练数据集中重复记录,并利用支持向量机分类算法和贝叶斯分类算法分别检测DoS、Probe攻击和U2R、R2L攻击。实验结果表明,该模型对于U2R和R2L的检测率分别提高到了68.6%和45.7%。
Through the research into the types of network attack and the intrusion detection methods,the fact that the normal intrusion detection method was not good enough for detecting U2R(User to Root) and R2L(Remote to Local) was found.To improve the detection rate of anomaly detection system for U2R and R2L,an anomaly detection model based on Support Vector Machine(SVM) and Bayesian classification was suggested.In order to reduce the redundant records in the training data,the BIRCH(Balanced Iterative Reducing and Clustering using Hierarchies) clustering algorithm was used.Besides,the detection model applied SVM for detecting DoS and Probe and used Bayesian classification to detect U2R and R2L.The experimental results show that the proposed model improves obviously the detection rate for U2R and R2L,up to 68.6 percent and 45.7 percent respectively.
出处
《计算机应用》
CSCD
北大核心
2012年第6期1632-1635,1639,共5页
journal of Computer Applications
基金
湖北省教育厅科技项目(D20101105)