检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
作 者:杜红乐[1] 樊景博[1] 刘爱军[1] 曹静[1] 赵建华[1]
机构地区:[1]商洛学院,陕西商洛726000
出 处:《解放军理工大学学报(自然科学版)》2011年第6期611-616,共6页Journal of PLA University of Science and Technology(Natural Science Edition)
基 金:陕西省教育厅专项科研计划资助项目(09JK424)
摘 要:针对检测代理负载过大导致丢包率较高的情况,提出了基于Huffman树SVM(HT-SVM)的协同网络入侵检测。根据网络协议对网络数据进行分流,通过构建多个检测代理(TCP检测代理、UDP检测代理和ICMP检测代理)协同工作,减少检测代理的负载。由于Huffman树SVM结构对决策准确率及决策速度都有较大的影响,结合类间距离、类内样本数及类半径定义分离测度,并根据分离测度利用并行算法构建HT-SVM检测代理。用KDDCUP99数据集进行实验,对比单个检测代理的结果发现,不仅减少了训练时间和决策时间,而且提高了准确率。There are the problems of high-speed networks,traffic flow and complex topology in current computer networks.Detection agent has high packet loss rate and low detection accuracy because of the excessive load.A cooperative intrusion detection based on HT-SVM was proposed.According to Network protocol,construct multiple detection agents(TCP detection agent,UDP detection agent and ICMP detection agent) to work together to reduce the detection agent load.In addition,the structure of Huffman tree SVM seriously affects the detection speed and detection accuracy.Combining with the distance between classes,the number of class samples and class radius,separation measure was defined.Then the detection agent of HT-SVM with the parallel algorithm was constructed according to the separation measure.Finally,experiment was done with KDDCUP99 dataset,and experimental results show that the method proposed can not only reduce the training time and testing time but also improve the detection accuracy.
关 键 词:Huffman树SVM 协同入侵检测 支持向量机
分 类 号:TP393.08[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.7
