Anomaly detection model based on support vector machine and Bayesian classification

Cited by: 7
Abstract: A study of network attack types and intrusion detection methods shows that commonly used intrusion detection methods do not detect U2R (User to Root) and R2L (Remote to Local) attacks well. To address the low detection rate for these two attack classes in anomaly detection, an anomaly detection model based on Support Vector Machine (SVM) and Bayesian classification is proposed. The model uses the BIRCH (Balanced Iterative Reducing and Clustering using Hierarchies) clustering algorithm to reduce redundant records in the training data set, then applies SVM classification to detect DoS and Probe attacks and Bayesian classification to detect U2R and R2L attacks. Experimental results show that the model raises the detection rates for U2R and R2L to 68.6% and 45.7% respectively.
Source: Journal of Computer Applications (《计算机应用》), CSCD, Peking University Core Journal, 2012, No. 6, pp. 1632-1635, 1639 (5 pages)
Funding: Science and Technology Project of the Hubei Provincial Department of Education (D20101105)
Keywords: anomaly detection; BIRCH clustering; Support Vector Machine (SVM); Bayesian classification; KDD99