Supervised Intrusion Detection Based on Active Learning and TCM-KNN Algorithm  Cited by: 31


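Authors: Li Yang (李洋)[1], Fang Binxing (方滨兴)[1], Guo Li (郭莉)[1], Tian Zhihong (田志宏)[1]

Affiliation: [1] Institute of Computing Technology, Chinese Academy of Sciences

Source: Chinese Journal of Computers (《计算机学报》), 2007, Issue 8, pp. 1464-1473 (10 pages)

Funding: Supported by the National Natural Science Foundation of China (60573134) and the National Information Security Program project fund (2005C39)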

Abstract: Supervised network intrusion detection has been an active and difficult research topic in the field of intrusion detection for many years. However, there remain unresolved and scarcely addressed problems, such as the difficulty of obtaining adequate qualified attack data for supervised classifiers to model attack patterns, and the fact that the data acquisition task is time-consuming and relies heavily on domain experts. To address these, the authors first propose a novel supervised intrusion detection method based on the TCM-KNN (Transductive Confidence Machines for K-Nearest Neighbors) data mining algorithm. Moreover, the authors introduce an active learning method to select the most qualified data for training and thus help TCM-KNN fulfil the intrusion detection task effectively. Experimental results demonstrate that the proposed method achieves better results in both detection rate and false positives than state-of-the-art intrusion detection methods. The method also maintains good detection performance after optimization with instance selection and feature selection mechanisms. Therefore, it is more suitable for real network applications than traditional methods.

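Keywords: network security; intrusion detection; TCM-KNN algorithm; active learning; data mining

Classification number: TP309 [Automation and Computer Technology: Computer System Architecture]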

 
