摘要
入侵检测系统在保障Internet应用系统安全方面发挥着重要作用 .作为异常检测依据 ,用户行为轮廓的准确程度直接关系到入侵检测系统的检测性能 .由于Internet环境的开放性造成用户行为模式多变 ,导致用户行为轮廓准确程度下降 .本文提出了基于信息可视化的入侵检测框架 ,并进一步提出了基于CCA(Curvilinearcomponentanaly sis)的可视化算法 .该可视化算法比传统算法具有更好的距离映射性能 ,可为安全专家提供准确的可视信息 ,有利于安全专家直观地观察用户行为模式 ,并合理选择聚类算法创建轮廓 ,从而提高行为轮廓创建的准确性 .
Intrusion detection systems take an important role in securing Internet applications.The exactness of user behavior profiles directly affects the detection performance of intrusion detection systems because profiles are the criterion of anomaly detection.The exactness of profiles would be reduced with the use of traditional profile creation methods due to uncertainty of user behavior patterns in Internet.We proposes a new intrusion detection scheme based on information visualization,and presents a new CCA(Curvilinear Component Analysis)-based visualization algorithm.This algorithm is better than traditional algorithm in the performance of distance mapping,and can provide more exact visual information for security experts.Visual information of user behavior patterns facilitates security experts to select more suitable cluster analysis algorithms to create more exact behavior profiles.
出处
《电子学报》
EI
CAS
CSCD
北大核心
2004年第8期1381-1384,共4页
Acta Electronica Sinica
基金
国家 8 63计划 (No .2 0 0 1AA41 4 2 2 0
No.2 0 0 1AA41 4 0 2 0
No.2 0 0 2AA41 2 0 1 0 )
关键词
入侵检测
异常检测
行为轮廓创建
信息可视化
CCA
intrusion detection
anomaly detection
behavior profile creation
information visualization
CCA