基于主成分分析禁忌搜索和决策树分类的异常流量检测方法  被引量:10

Network anomaly detection method based on principle component analysis and tabu search and decision tree classification

在线阅读下载全文

作  者:冶晓隆[1] 兰巨龙[1] 郭通[1] 

机构地区:[1]国家数字交换系统工程技术研究中心,郑州450002

出  处:《计算机应用》2013年第10期2846-2850,2944,共6页journal of Computer Applications

基  金:国家科技支撑计划项目(2012BAH02B01;2012BAH02B03);国家863计划项目(2011AA01A103;2011AA01A101;2011BAH19B04)

摘  要:真实网络流量包括大量特征属性,现有基于特征分析的异常流量检测方法无法满足高维特征分析要求。提出一种基于主成分分析和禁忌搜索(PCA-TS)的流量特征选择算法结合决策树分类的异常流量检测方法,通过PCA-TS对高维特征进行特征约减和近优特征子集选择,为决策树分类方法提供有效的低维特征属性,结合决策树分类精度和处理效率高的优点,采用半监督学习方式进行异常流量实时检测。实验表明,与传统异常检测方法相比,此方法具有更高的检测精度和更低的误检率,其检测性能受样本规模影响较小,且对未知异常可以进行有效检测。Real network traffic contains mass of features, and the method of anomaly detection based on feature analysis is not suitable for high-dimensional features classification. A method based on Principal Component Analysis and tabu Tabu Search (PCA-TS) decision tree classification for anomaly detection was proposed. The method reduced high-dimensional features and selected optimal feature subset which was suitable for classification through PCA-TS algorithm, then the decision tree of higher detection rate and lower false rate was used for classification and detection based on semi-supervised learning. The experiment shows that the approach has higher detection accuracy and lower false rate compared with traditional anomaly detection method, and the detection performance is less affected by sample size and is suitable for real-time detection of unknown anomalies.

关 键 词:异常检测 决策树 特征选择 主成分分析 禁忌搜索 

分 类 号:TP393.08[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象