Abstract
Security audit is the foundation of intrusion detection: it supplies the data that intrusion detection analyses. In traditional network security audit and intrusion detection systems, attack signatures must be defined by hand before the system can recognise anomalous activity, but attack data is hard to obtain; what can usually be collected in advance is only the audit record of legitimate users' normal behaviour, for example the sequences of system calls a process makes. This paper proposes and analyses a security audit model based on support vector data description (SVDD), which treats anomaly detection as a one-class problem: a classifier is trained on normal data only, and any activity that deviates from the learned normal pattern is treated as a potential intrusion. In experiments on the international standard data set MIT LPR (after optimised preprocessing), the one-class classifier needed only a small number of training samples to reach a 100% detection rate on anomalous system-call sequences, with an average false alarm rate close to zero. Because the model is trained on normal samples alone, it can also flag previously unseen types of anomalous behaviour.
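The one-class procedure described above, as an added worked example that is not code from the paper: constructed toy system-call traces (not the MIT lpr corpus) are turned into normalised 3-gram profiles, a hard-margin SVDD is fitted on normal traces only (Frank-Wolfe on the SVDD dual with an RBF kernel), and any trace whose distance from the ball centre exceeds the learned radius is reported as a potential intrusion. The trace generator, the window length, the kernel width and the solver are assumptions of this example, not the paper's settings.

```python
"""SVDD one-class audit of system-call traces on constructed toy data (not the MIT lpr corpus)."""
import math
from collections import Counter

K_GRAM = 3     # assumption: sliding-window length over the system-call sequence
GAMMA = 1.0    # assumption: RBF width on the normalised k-gram profiles
C = 1.0        # C >= 1 gives the hard-margin SVDD: every training trace ends up inside the ball


def normal_trace(blocks, trailing_ioctl):
    """Constructed 'lpr-like' job: prologue, a few spool read/write blocks, optional ioctl, exit."""
    trace = ["execve", "brk", "open", "fstat", "mmap", "close"]
    trace += ["open", "read", "write", "close"] * blocks
    if trailing_ioctl:
        trace.append("ioctl")
    return trace + ["munmap", "exit"]


# Training data: normal behaviour only (ten constructed variants).
NORMAL = [normal_trace(b, io) for b in range(2, 7) for io in (False, True)]
# Constructed anomalies: the same prologue, then behaviour the normal job never exhibits.
ANOMALOUS = [
    ["execve", "brk", "open", "fstat", "mmap", "close",
     "chmod", "unlink", "symlink", "fork", "execve", "exit"],
    ["execve", "brk", "open", "fstat", "mmap", "close",
     "socket", "connect", "dup2", "dup2", "fork", "execve", "exit"],
]


def profile(trace, k=K_GRAM):
    """Bag of length-k windows (Forrest-style sliding windows), L2-normalised to a unit vector."""
    counts = Counter(tuple(trace[i:i + k]) for i in range(len(trace) - k + 1))
    norm = math.sqrt(sum(v * v for v in counts.values()))
    return {g: v / norm for g, v in counts.items()}


def rbf(p, q, gamma=GAMMA):
    """Gaussian kernel; p and q are unit vectors, so ||p - q||^2 = 2 - 2<p, q>."""
    dot = sum(v * q.get(g, 0.0) for g, v in p.items())
    return math.exp(-gamma * max(0.0, 2.0 - 2.0 * dot))


class SVDD:
    """Minimum enclosing ball in RBF feature space, fitted by Frank-Wolfe on the SVDD dual:
    minimise a^T K a  s.t.  sum(a) = 1, 0 <= a_i <= C   (k(x, x) = 1 drops the linear term)."""

    def __init__(self, gamma=GAMMA, c=C, iters=500):
        self.gamma, self.c, self.iters = gamma, c, iters

    def fit(self, profiles):
        n = len(profiles)
        K = [[rbf(a, b, self.gamma) for b in profiles] for a in profiles]
        alpha = [1.0 / n] * n
        for _ in range(self.iters):
            grad = [2.0 * sum(K[i][j] * alpha[j] for j in range(n)) for i in range(n)]
            # Linear minimisation oracle over the box-constrained simplex: fill lowest-gradient slots.
            s, left = [0.0] * n, 1.0
            for i in sorted(range(n), key=grad.__getitem__):
                s[i] = min(self.c, left)
                left -= s[i]
                if left <= 1e-12:
                    break
            d = [s[i] - alpha[i] for i in range(n)]
            Kd = [sum(K[i][j] * d[j] for j in range(n)) for i in range(n)]
            den = sum(d[i] * Kd[i] for i in range(n))
            if den <= 1e-12:
                break
            # Exact line search for the quadratic objective, clipped to the feasible segment.
            step = min(1.0, max(0.0, -sum(alpha[i] * Kd[i] for i in range(n)) / den))
            if step <= 1e-12:
                break
            alpha = [alpha[i] + step * d[i] for i in range(n)]
        self.alpha, self.train = alpha, profiles
        self.aKa = sum(alpha[i] * K[i][j] * alpha[j] for i in range(n) for j in range(n))
        if self.c >= 1.0:      # hard margin: the radius reaches the farthest training trace
            on_sphere = range(n)
        else:                  # soft margin: unbounded support vectors sit exactly on the sphere
            on_sphere = [i for i in range(n) if 1e-6 < alpha[i] < self.c - 1e-6] or range(n)
        self.r2 = max(self.dist2(profiles[i]) for i in on_sphere)
        return self

    def dist2(self, p):
        """Squared distance of phi(p) from the centre sum_i alpha_i phi(x_i); k(p, p) = 1."""
        cross = sum(a * rbf(p, x, self.gamma) for a, x in zip(self.alpha, self.train))
        return 1.0 - 2.0 * cross + self.aKa

    def is_anomalous(self, trace):
        """Audit verdict: outside the learned description of normal behaviour => potential intrusion."""
        return self.dist2(profile(trace)) > self.r2


def evaluate(normal=NORMAL, anomalous=ANOMALOUS):
    """Train on normal traces only; return (detection rate on anomalies, false alarm rate on normals)."""
    model = SVDD().fit([profile(t) for t in normal])
    detected = sum(model.is_anomalous(t) for t in anomalous) / len(anomalous)
    false_alarm = sum(model.is_anomalous(t) for t in normal) / len(normal)
    return detected, false_alarm


if __name__ == "__main__":
    model = SVDD().fit([profile(t) for t in NORMAL])
    print(f"R^2 = {model.r2:.4f}")
    for t in NORMAL + ANOMALOUS:
        print(f"{model.dist2(profile(t)):.4f}  anomalous={model.is_anomalous(t)}  {' '.join(t[6:10])} ...")
    print("detection rate, false alarm rate:", evaluate())
```

Design note: with C >= 1 every training trace lies inside the sphere, so a zero false alarm rate on the training data is true by construction; the rate that matters is on held-out normal traces, and a one-class model reports any legitimate code path that was absent from training as an intrusion. The preprocessing the paper applied to the MIT LPR data is the part this example does not reproduce.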
Source
《智能系统学报》 (CAAI Transactions on Intelligent Systems), 2007, No. 4, pp. 69-73 (5 pages)
Funding
Natural Science Foundation of Jiangsu Province (BK2005009)
China Postdoctoral Science Foundation (2004036405)
Jiangsu Postdoctoral Science Foundation (0401064B)
Keywords
network security audit
intrusion detection
support vector data description
one-class classifier