Authors: Cai Longzheng [1], Yu Shengsheng [1], Zhou Jingli [1], Wang Xiaofeng [1]
Affiliation: [1] School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan, Hubei 430074
Source: Journal of Chinese Computer Systems (小型微型计算机系统), 2006, No. 10, pp. 1856-1860 (5 pages)
Funding: National Natural Science Foundation of China project (60373088); National Defense Research Foundation project (4131605)
Abstract: This paper proposes an anomaly detection method based on unlabeled training data (ADUTD). It removes the requirement of traditional anomaly detection for clean or labeled training data and thereby improves the usability of anomaly detection. ADUTD filters out low-frequency categorical values of network connection record attributes, which removes the values introduced by attack records hidden in the training data, and then builds a statistical model of normal behaviour. The attributes used to build the model include not only the header fields of the packets in a connection but also application-layer data. A further feature of ADUTD is that it partitions the data by network service type and builds a separate statistical model for each partition, which improves the predictive power of the detection model. Experiments on the DARPA 1999 evaluation data set show that ADUTD detects network intrusions effectively.
English abstract: This paper proposes a network-connection-based anomaly detection approach with unlabeled training data (ADUTD). It can be considered an enhancement of traditional anomaly detection methods because it builds detection models from noisy training data. ADUTD exploits the property that intrusions hidden in training data are likely to consist of attribute values with a low frequency of occurrence. Both packet header fields and application-layer data are used as attributes for building models and detecting intrusions. Furthermore, network traffic is divided into parts according to service type, and a model is built for each part so as to enhance the ability to detect attacks. Experiments with the DARPA 1999 IDS evaluation data set show that, with unlabeled noisy training data, ADUTD has performance comparable to previous schemes trained with clean or labeled data. When both are trained with clean data, ADUTD has a higher detection rate than previous schemes.
Classification: TP393.08 [Automation and Computer Technology - Computer Application Technology]
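The core idea of the abstract, filtering low-frequency attribute values per service type and scoring connections against the remaining frequency model, as an added illustration that is not the paper's code. The training records, attribute names, the 5% frequency cut-off and the score threshold are all constructed for this example.

```python
from collections import Counter, defaultdict
import math

# Constructed training records (not the DARPA data): each is
# (service, attributes). A few records carry rare attribute values,
# standing in for attacks hidden in unlabeled training data.
TRAIN = (
    [("http", {"flag": "SF", "method": "GET", "agent": "browser"})] * 40
    + [("http", {"flag": "SF", "method": "POST", "agent": "browser"})] * 8
    + [("http", {"flag": "SF", "method": "GET", "agent": "fuzzer"})] * 1
    + [("ftp", {"flag": "SF", "method": "RETR", "agent": "client"})] * 20
    + [("ftp", {"flag": "S0", "method": "RETR", "agent": "client"})] * 1
)

def build_models(records, min_freq=0.05):
    """One model per service type: the relative frequency of each attribute
    value, dropping values seen in fewer than min_freq of that service's
    records (these are the ones attack records are likely to have added)."""
    by_service = defaultdict(list)
    for service, attrs in records:
        by_service[service].append(attrs)
    models = {}
    for service, rows in by_service.items():
        n = len(rows)
        counts = defaultdict(Counter)
        for attrs in rows:
            for name, value in attrs.items():
                counts[name][value] += 1
        models[service] = {
            name: {v: c / n for v, c in vals.items() if c / n >= min_freq}
            for name, vals in counts.items()
        }
    return models

def anomaly_score(models, service, attrs, floor=1e-3):
    """Sum of -log(p) over attributes; a value absent from the filtered
    model (never seen, or filtered as low-frequency) gets the floor
    probability, so each unusual attribute adds a large penalty."""
    model = models.get(service)
    if model is None:
        return float("inf")  # service type never seen in training
    return sum(-math.log(model.get(name, {}).get(value, floor))
               for name, value in attrs.items())

def is_anomalous(models, service, attrs, threshold=5.0):
    return anomaly_score(models, service, attrs) > threshold

MODELS = build_models(TRAIN)
```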