计算机工程与应用 ›› 2009, Vol. 45 ›› Issue (13): 20-22.DOI: 10.3778/j.issn.1002-8331.2009.13.006

• 博士论坛 • 上一篇    下一篇

相对熵密度偏差在入侵检测模型中的应用

贾春福,陈德强   

  1. 南开大学 信息技术科学学院,天津 300071
  • 收稿日期:2009-01-13 修回日期:2009-02-14 出版日期:2009-05-01 发布日期:2009-05-01
  • 通讯作者: 贾春福

Application of relative entropy density divergence in intrusion detection models

JIA Chun-fu,CHEN De-qiang   

  1. College of Information Technology and Science,Nankai University,Tianjin 300071,China
  • Received:2009-01-13 Revised:2009-02-14 Online:2009-05-01 Published:2009-05-01
  • Contact: JIA Chun-fu

摘要: 针对入侵检测系统(IDS)中基于训练数据选择较好的异常检测模型。使用相对熵密度偏差作为模型之间的度量。通过分析模型的分布与训练数据真实分布的差异,根据原数据本身的相依关系,使用较少的数据选择出较好的适用检测模型。实验结果证明针对所给的数据,隐马氏模型(HMM)要好于马氏链模型(MCM)。

Abstract: In order to choose the better anomalous detection model based on the training data in intrusion detection system(IDS),this paper uses the relative entropy density divergence as a measure of the models.Through analyzing the difference between the model’s distribution and the training data’s real distribution,using few data to find the better suitable detection model based on the dependence of the original data.The experimental results show that the HMM is better than the MCM in view of the given data.