摘要
针对M IT L inco ln L ab数据集评测方法中背景超文本传输协议(hypertex t transfer protoco l,HTTP)流量在用户建模和流量模拟时会造成偏差,提出了一种基于用户轮廓的W eb流量模拟方法。该方法在应用层进行数据采集并对用户行为特征进行建模生成用户轮廓知识库,模拟时可根据不同网络环境特征扩展生成虚拟用户轮廓。实验分析表明,该方法能同时兼顾流量模拟的扩展性和真实性,生成的数据集流量特征与实际网络相吻合,用于入侵检测系统评测时能有效降低误报率指标。
Deviations in simulated HTTP traffic for intrusion detection evaluation are reduced by a scalable Web simulation method based on user personahzation which improves Web traffic simulation. The method uses user-level Web mining and automatic user-profiling. After user personalization, each user's patterns are profiled and stored in the knowledge base for simulation. Virtual user profile is introduced for Web traffic simulations of various networks. Tests illustrate the high fidelity and scalability of the simulated Web traffic, which makes the dataset more "real" and suitable for IDS evaluations. The tests also show that the dataset greatly reduces false positives.
出处
《清华大学学报(自然科学版)》
EI
CAS
CSCD
北大核心
2006年第10期1780-1783,共4页
Journal of Tsinghua University(Science and Technology)
基金
国家"八六三"高技术项目(2001AA142020)
关键词
入侵检测
Web流量模拟
数据集评测
intrusion detection
Web traffic simulation
dataset evaluation