Computer Engineering and Applications ›› 2009, Vol. 45 ›› Issue (17): 102-104. DOI: 10.3778/j.issn.1002-8331.2009.17.031

• Network, Communication, Security •

Research of improved SVM in intrusion detection

ZHAO Bo, LI Yong-zhong, YANG Ge, XU Jing

  1. School of Electrics and Information, Jiangsu University of Science and Technology, Zhenjiang, Jiangsu 212003, China
  • Received: 2008-04-09 Revised: 2008-07-09 Online: 2009-06-11 Published: 2009-06-11
  • Contact: ZHAO Bo

Abstract: The soft-margin support vector machine (SVM) is one of the best machine learning algorithms for classifying abnormal behaviors in intrusion detection. Because it is a supervised learning method, however, it is not appropriate for detecting novel attacks in Internet traffic. The one-class SVM is an unsupervised learning method for detecting anomalies, but it is difficult to use in the real world because of its high false positive rate. This paper proposes a new SVM approach that combines these two methods in order to provide unsupervised learning with a low false alarm rate. Simulation experiments show that its detection capability is similar to that of the soft-margin SVM.

Key words: Support Vector Machine, intrusion detection, soft-margin, one-class Support Vector Machine, unsupervised learning