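Affiliation: [1] School of Electronic and Information Engineering, Xi'an Jiaotong University, Xi'an 710049
Source: Computer Engineering (《计算机工程》), 2006, No. 17, pp. 25-27 (3 pages)
Funding: National "973" Program funded project (2001CB309403); National "863" Program funded project (2004AA1Z2280)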
Abstract: A support vector machine (SVM) is applied to the alerts produced by an intrusion detection system in order to reduce the large number of false positive alerts. Because the alert data is heterogeneous, the SVM is built with a radial-basis-function-like kernel, based on the heterogeneous value difference metric, that can accurately measure the distance between heterogeneous values, which improves classification accuracy. The experimental data set consists of the alerts that Snort, a network intrusion detection system, produced on attack and normal data obtained in a test environment; six background attributes were added to the data to improve classification accuracy. The test results confirm the good performance of the method: without increasing false negatives, the true positive rate is 100%, the false positive reduction rate is 99.7291%, and the processing time per record is 0.38 ms.
Classification number: TP393.08 [Automation and Computer Technology: Computer Application Technology]