计算机工程与应用 ›› 2010, Vol. 46 ›› Issue (28): 85-87.DOI: 10.3778/j.issn.1002-8331.2010.28.024

• 网络、通信、安全 • 上一篇    下一篇

HL-Isomap+SVM在网络入侵检测中的应用

郑凯梅1,2,钱 旭1,虎晓红1   

  1. 1.中国矿业大学(北京) 机电与信息工程学院,北京 100083
    2.中国防卫科技学院 信息工程系,北京 101601
  • 收稿日期:2009-06-25 修回日期:2009-08-12 出版日期:2010-10-01 发布日期:2010-10-01
  • 通讯作者: 郑凯梅

Anomaly network intrusion detection based on HL-Isomap and SVM

ZHENG Kai-mei1,2,QIAN Xu1,HU Xiao-hong1   

  1. 1.College of Mechatronics and Information Engineering,China University of Mining & Technology(Beijing),Beijing 100083,China
    2.Department of Information Engineering,China Institute of Defense Science and Technology,Beijing 101601,China
  • Received:2009-06-25 Revised:2009-08-12 Online:2010-10-01 Published:2010-10-01
  • Contact: ZHENG Kai-mei

摘要: 支持向量机所具有的处理小样本和良好的推广能力的优势,在入侵检测中得到了广泛应用。考虑到数据特征的高维性和冗余性,特征提取是一个关键步骤。采用非线性流形学习算法L-Isomap对入侵检测数据进行特征选择,然后应用one-class SVM训练并识别异常。通过将异构值差度量(HVDM)距离代替欧几里德距离提出了HL-Isomap。选用KDD数据集来比较上述不同模型,实验结果表明了降维方法的有效性,尤其是误警率性能得到了显著的提高。

关键词: 界标Isomap(L-Isomap), 支持向量机(SVM), 异构值差度量(HVDM), 入侵检测

Abstract: With great advantages in small sample and machine generalization ability,support vector machine has been widely applied in intrusion detection.Due to high dimensionality and redundancy of data,feature extraction is a crucial procedure.This paper proposes a scheme using popular non-linear dimension reduction tool L-Isomap and one-class support vector machine to detect intrusions.HL-Isomap is also proposed through replacing Euclidean metric with heterogeneous value difference metric.This paper evaluates different models with the KDD dataset.The experiment results show that the dimension reduction method is effective and the proposed model outperforms the conventional one-class SVM in false positive rate.

Key words: Landmark-Isomap(L-Isomap), Support Vector Machine(SVM), Heterogeneous Value Difference Metric(HVDM), intrusion detection

中图分类号: