Computer Engineering and Applications (计算机工程与应用) ›› 2015, Vol. 51 ›› Issue (19): 125-128.

• Databases, Data Mining and Machine Learning •

Alarm fusion method based on support vector data description (基于支持向量数据描述的报警融合方法)

CAO Weiwei (曹薇薇) 1, YIN Chuanhuan (尹传环) 1, MU Shaomin (牟少敏) 2

  1. School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China
  2. School of Computer and Information Engineering, Shandong Agriculture University, Tai'an, Shandong 271018, China
  • Online: 2015-09-30   Published: 2015-10-13

Abstract (translated from the Chinese): Alarm fusion is an important step in an intrusion detection system. However, different attack types have different data characteristics, so a uniform, undifferentiated processing method is bound to have shortcomings. This paper proposes an alarm fusion algorithm based on support vector data description, combined with the idea of simulated annealing: for each attack type it selects the attributes and kernel parameters suited to that type, removes redundant features and avoids the effect of sample imbalance. Through local detection, data fusion and final decision analysis it raises the alarm detection rate and lowers the false negative (missed alarm) rate. The proposed method is validated on the KDD99 data set.

Keywords (translated from the Chinese): support vector data description, simulated annealing, alarm fusion, detection rate, false negative rate

Abstract: Alarm fusion is an important part of an IDS. However, different attack types have different data characteristics, so an indiscriminate processing method is bound to have some faults. This paper proposes an alarm fusion method based on Support Vector Data Description (SVDD) combined with the idea of Simulated Annealing (SA). It can choose the appropriate attributes and kernel parameters and, at the same time, eliminate redundant features and avoid the influence of imbalanced samples. This model can lower false positives and improve the efficiency of intrusion detection through local detection, data fusion and final decision analysis. Finally, the method is verified on the KDD99 data sets.

Key words: Support Vector Data Description (SVDD), Simulated Annealing (SA), alarm fusion, detection rate, false positive
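As an added illustration of the pipeline the abstract sketches (per-attack-type selection of attributes and kernel width by simulated annealing, SVDD-style local detection, fusion of the local results and a final decision), the following Python is example code written for this page, not the authors' implementation. It assumes a simplified SVDD (a sphere around the kernel centroid instead of the dual-QP solution), constructed toy records in place of KDD99, a detection-rate-minus-false-positive-rate tuning objective, and OR-fusion of the per-type detectors; the hypothetical attack types "flood" and "probe" and all attribute values are constructed.

```python
import math, random
def kernel(x, y, gamma, mask):  # RBF kernel over the attributes selected by mask (1 = keep, 0 = drop)
    return math.exp(-gamma * sum((a - b) ** 2 for a, b, m in zip(x, y, mask) if m))
class SimpleSVDD:
    # Simplified SVDD (assumption): a sphere around the kernel centroid, i.e. the feature-space mean, not the dual-QP centre.
    def __init__(self, records, gamma, mask, slack=1.5):
        self.x, self.gamma, self.mask = records, gamma, mask
        self.kxx = sum(kernel(a, b, gamma, mask) for a in records for b in records) / len(records) ** 2
        self.radius2 = slack * max(self.dist2(r) for r in records)  # slack loosens the hard margin
    def dist2(self, z):  # squared feature-space distance from z to the centroid (k(z, z) = 1 for RBF)
        return 1.0 - 2.0 * sum(kernel(z, r, self.gamma, self.mask) for r in self.x) / len(self.x) + self.kxx
    def inside(self, z):
        return self.dist2(z) <= self.radius2
def anneal(train, val_attack, val_normal, steps=150, seed=0):
    # Simulated annealing over (kernel width, attribute mask) for one attack type; objective = detection rate - false-positive rate
    rng, n_attr = random.Random(seed), len(train[0])
    def score(state):
        m = SimpleSVDD(train, *state)  # an all-zero mask puts every record inside the sphere, so it scores 0
        return (sum(m.inside(r) for r in val_attack) / len(val_attack)
                - sum(m.inside(r) for r in val_normal) / len(val_normal))
    state = (1.0, [1] * n_attr)  # start with gamma = 1 and every attribute selected
    temp, cur_s = 1.0, score(state)
    best, best_s = state, cur_s
    for _ in range(steps):
        if rng.random() < 0.5:  # perturb the kernel width multiplicatively ...
            cand = (state[0] * math.exp(rng.uniform(-1, 1)), state[1])
        else:  # ... or flip one attribute in or out of the selected set
            j = rng.randrange(n_attr)
            cand = (state[0], [b ^ (i == j) for i, b in enumerate(state[1])])
        s = score(cand)
        if s >= cur_s or rng.random() < math.exp((s - cur_s) / temp):  # Metropolis acceptance
            state, cur_s = cand, s
            if s > best_s:
                best, best_s = cand, s
        temp *= 0.97  # geometric cooling
    return best, best_s
def fuse(models, record):  # local detection by every attack-type model, OR-fused into the final decision
    return [name for name, m in models.items() if m.inside(record)]
def make_records(rng, centre, n):  # constructed toy records (not KDD99); attribute 1 is pure noise, i.e. redundant
    return [[rng.uniform(0, 3) if i == 1 else c + rng.uniform(-0.1, 0.1) for i, c in enumerate(centre)] for _ in range(n)]
def run_demo(seed=0):  # returns (detection rate, false-positive rate) of the fused detector on fresh records
    rng, types = random.Random(seed), {"flood": [0.1, 0, 0.9, 0.1], "probe": [0.9, 0, 0.1, 0.9]}
    normal, models = make_records(rng, [0.1, 0, 0.1, 0.1], 40), {}
    for name, centre in types.items():  # tune attributes and kernel width separately per attack type
        train = make_records(rng, centre, 10)
        (gamma, mask), _ = anneal(train, make_records(rng, centre, 10), normal[:20], seed=seed)
        models[name] = SimpleSVDD(train, gamma, mask)
    rate = lambda recs: sum(bool(fuse(models, r)) for r in recs) / len(recs)
    return rate([r for c in types.values() for r in make_records(rng, c, 10)]), rate(normal[20:])
```

Because the noise attribute swamps the real distances, the annealer has to drop it (or shrink the kernel width) before the per-type spheres exclude normal records; inspecting the returned mask shows which attributes each type's detector kept.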