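Abstract
An anomaly detection method based on the support vector data description (SVDD) algorithm is proposed. The method treats intrusion detection as a one-class classification problem and builds a support vector description model of normal behavior, with which various known and unknown attacks can be detected. It is an unsupervised anomaly detection method that can train the model on data sets containing noise, which lowers the requirements on the training set. Experiments on the KDD CUP'99 standard intrusion detection data set, compared against the results of unsupervised clustering anomaly detection experiments, confirm that the method achieves a relatively high detection rate and a relatively low false alarm rate.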
This paper proposes a new anomaly intrusion detection method based on support vector data description (SVDD). According to this method, intrusion detection is regarded as a one-class classification problem. A support vector description model is built for normal data, and then known and unknown attacks can be detected using this model. This method falls into the category of unsupervised anomaly detection techniques as it can train the model with unlabeled and noisy data. Results from preliminary experiments with the KDD CUP'99 network data indicate that the method has satisfying performance.
Source
Computer Engineering (《计算机工程》), 2005, Issue 3, pp. 39-42 (4 pages)
Indexed in: EI, CAS, CSCD, Peking University Core Journals
Funding
Supported by the National Natural Science Foundation of China (66973034, 90104005)