Network alerts depth information fusion method based on time confrontation  Cited by: 6


Authors: 邱辉[1], 王坤[1], 杨豪璞

Affiliation: [1] Information Engineering University (信息工程大学), Zhengzhou 450001

Source: Journal of Computer Applications (《计算机应用》), 2016, No. 2, pp. 499-504 (6 pages)

Funding: Supported by the National Natural Science Foundation of China (61309013)

Abstract: Current network alert information fusion methods use a single point in time as the processing unit, so they cannot adapt to network attacks that are increasingly concealed and long-lasting. To address this problem, a network alert depth information fusion method based on time confrontation is proposed. For multi-source heterogeneous alert data streams, the method first collects and stores the alerts within a relatively long current time window, then clusters the alerts with a stream clustering algorithm based on a sliding window, and finally introduces a window attenuation factor to perform depth fusion of the clustered alerts. Experimental results on real data show that, compared with the basic DS evidence theory (Basic-DS) and Exponential Weight DS evidence theory (EWDS) fusion methods, the proposed method has a higher detection rate (True Positive Rate, TPR) and a lower false detection rate (False Positive Rate, FPR), but a slightly lower reduction rate (Data to Information Rate, DIR) because it uses a longer time window. Practical testing and performance analysis also show that the algorithm has a small time delay, detects network attacks more effectively, and can perform real-time processing.

Keywords: heterogeneous data stream; network alert; depth information fusion; time confrontation; attenuation factor

Classification code: TP393.08 [Automation and Computer Technology - Computer Application Technology]

 
