Method of Reducing False Positive Alerts Based on Support Vector Machine in Intrusion Detection (基于支持向量机的降低入侵检测误报警方法)  Cited by: 7

Authors: 肖云 (Xiao Yun) [1], 韩崇昭 (Han Chongzhao) [1]

Affiliation: [1] School of Electronic and Information Engineering, Xi'an Jiaotong University, Xi'an 710049

Source: Computer Engineering (计算机工程), 2006, No. 17, pp. 25-27 (3 pages)

Funding: National "973" Program project (2001CB309403); National "863" Program project (2004AA1Z2280)

Abstract: Support vector machines (SVM) are applied to the alert data produced by an intrusion detection system in order to eliminate a large number of false positive alerts. Because alert data are heterogeneous, a radial-basis-like kernel function that can accurately measure the distance between heterogeneous values is chosen when constructing the SVM, so as to improve classification accuracy. The experimental data are the alert set produced by the intrusion detector Snort on attack and normal traffic captured in the test environment, to which six background attributes were added to improve classification accuracy. Test results show that the method performs well: without increasing false negatives, the true-alert rate is 100%, the false-alert elimination rate is 99.7291%, and the processing time per record is 0.38 ms.

English abstract: Support vector machine (SVM) is used to deal with alerts produced by an intrusion detection system to reduce false positive alerts. A similar radial basis function, which is based on the heterogeneous value difference metric and can exactly measure the distance between heterogeneous values, is applied because of the heterogeneous alert data. The experimental data are the alerts produced by Snort, a network intrusion detection system, on the attack and normal data in the testing environment. Six background attributes are added to the experimental data to enhance the accuracy of classification. The testing results confirm the good performance of this method: with false negative alerts not increased, the true positive ratio is 100%, the reduced false positive ratio is 99.7291%, and the processing time of each record is 0.38 ms.

Keywords: intrusion detection; false positive alerts; support vector machine

CLC number: TP393.08 [Automation and computer technology / computer application technology]
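The abstract's key design point is a kernel that measures distance correctly over mixed nominal and numeric alert attributes. The following added example (not code from the paper) implements the Heterogeneous Value Difference Metric (HVDM, Wilson and Martinez 1997) over constructed Snort-style alert records and builds an RBF-style kernel on top of it; the exact kernel form exp(-gamma * hvdm^2), the attribute names and the toy alert set are assumptions, not values from the paper.

```python
# Added example, not the paper's code: the Heterogeneous Value Difference
# Metric (HVDM, Wilson & Martinez 1997) over Snort-style alerts that mix
# nominal and numeric attributes, plus an RBF-style kernel built on it.
# The kernel form exp(-gamma * hvdm^2) and the toy alerts are assumptions.
import math
from collections import Counter, defaultdict

# Constructed alerts: (attributes, label); label 1 = true alert, 0 = false alert
ALERTS = [
    ({"sig": "web-attack", "proto": "tcp", "dport": 80, "rate": 30.0}, 1),
    ({"sig": "web-attack", "proto": "tcp", "dport": 8080, "rate": 25.0}, 1),
    ({"sig": "icmp-ping", "proto": "icmp", "dport": 0, "rate": 2.0}, 0),
    ({"sig": "icmp-ping", "proto": "icmp", "dport": 0, "rate": 1.0}, 0),
    ({"sig": "dns-query", "proto": "udp", "dport": 53, "rate": 3.0}, 0),
]
NOMINAL, NUMERIC = ("sig", "proto"), ("dport", "rate")

class HVDM:
    """Nominal attribute: normalized VDM on class-conditional frequencies.
    Numeric attribute: |x - y| / (4 * sigma). Combined: sqrt(sum d_a^2)."""
    def __init__(self, data):
        self.classes = sorted({c for _, c in data})
        # P[a][v][c] = P(class c | attribute a has value v), from training data
        counts = defaultdict(lambda: defaultdict(Counter))
        for rec, c in data:
            for a in NOMINAL:
                counts[a][rec[a]][c] += 1
        self.P = {a: {v: {c: n[c] / sum(n.values()) for c in self.classes}
                      for v, n in counts[a].items()} for a in NOMINAL}
        self.sigma = {}
        for a in NUMERIC:   # population std-dev, guarded against all-equal values
            vals = [rec[a] for rec, _ in data]
            mean = sum(vals) / len(vals)
            self.sigma[a] = math.sqrt(sum((v - mean) ** 2 for v in vals) / len(vals)) or 1.0

    def distance(self, x, y):
        total = 0.0
        for a in NOMINAL:   # a value unseen in training gets the maximum distance 1
            px, py = self.P[a].get(x[a]), self.P[a].get(y[a])
            d2 = 1.0 if px is None or py is None else sum((px[c] - py[c]) ** 2 for c in self.classes)
            total += d2
        for a in NUMERIC:
            total += (abs(x[a] - y[a]) / (4 * self.sigma[a])) ** 2
        return math.sqrt(total)

    def kernel(self, x, y, gamma=1.0):
        # RBF-style kernel on the heterogeneous distance (assumed form)
        return math.exp(-gamma * self.distance(x, y) ** 2)
```

Plugging `kernel` in as a precomputed Gram matrix is what lets an SVM separate alerts whose signature and protocol fields have no numeric ordering, which a plain Euclidean RBF kernel on integer-encoded fields cannot do faithfully.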
