级连层次图的网络入侵特征检测仿真  被引量：1

作　　者：傅娆 黎鹰 FU Yao;LI Ying(College of Software,Nanchang University,Nanchang Jiangxi 330031,China;Information Engineering College,Nanchang University,Nanchang Jiangxi 330031,China)

机构地区：[1]南昌大学软件学院,江西南昌330031 [2]南昌大学信息工程学院,江西南昌330031

出　　处：《计算机仿真》2019年第11期343-346,431,共5页Computer Simulation

摘　　要：针对传统的网络入侵特征检测中,一直存在由于构建入侵特征判断函数不准确,导致检测耗时过长,检测正确率较低、误报率和漏报率较高等问题,提出基于径向基核函数的网络入侵特征检测方法。通过将目标网络进行四元组合,确定入侵特征选择表达式;引入径向基核函数当作支持向量机的核函数,获取参数最优值;将网络入侵特征参数作为约束条件,采用粒子群算法确定支持向量机参数,获取粒子位置,并对粒子群速度进行更新,实现对入侵特征的获取;利用支持向量机,对入侵特征进行分类,当分类平面中出现线性不可分问题时,将其转化为线性优化问题,寻找出最优分类面,并对其进行判断,实现检测。实验结果表明,所提方法检测完成时间较短、检测正确率较高、误报率和漏报率均较低。In traditional network intrusion detection, the intrusion feature judgment function is not accurate, which results in long detection time and low detection accuracy. Meanwhile, the false alarm rate and false alarm rate are high. Therefore, a method to detect network intrusion based on radial basis function was proposed. The expression of intrusion feature selection was determined by quaternion combination of target network. Moreover, the radial basis function was introduced as the kernel function of support vector machine, so as to obtain the optimal parameters. The network intrusion feature parameters were taken as constraints. The particle swarm optimization algorithm was used to determine the parameters of support vector machine and obtain the particle position. By updating the particle swarm velocity, the intrusion features were obtained. In addition, the support vector machine was used to classify intrusion features. The linear inseparable problems occurred in the classification plane could be transformed into linear optimization problems. Finally, the optimal classification surface was found and judged. Thus, the detection was achieved. Simulation results show that the proposed method has shorter detection time, higher detection accuracy, lower false alarm rate and lower false alarm rate.

关 键 词：级连层次图 网络入侵 特征检测 支持向量机 

分 类 号：TP391.41[自动化与计算机技术—计算机应用技术]