摘要
提出一种基于免疫的多峰值进化异常入侵检测方法.self空间表示为一系列超球体,为提高self和non-self之间界线划分的精确度,还引入了可变半径self球体模型,训练检测器时计入self数据点分布特性的影响.改进的多峰值遗传算法使检测器尽量填充self附近以及self超球体之间难以检测的细小区域.实验显示系统获得较好结果,并且可变半径self球体模型在DARPA99网络数据集上提高检测率的同时降低了误报率,该数据集符合模型的假设.
The paper presents an artificial immunity based multimodal evolution approach for anomaly intrusion detection. Self space is described by a series of hyper-spheres, and a variable radius self sphere model is developed to locate the boundary between self and non-self more accurately, it takes the distribution characteristics of training set into account while generating detectors. The modified multimodal genetic algorithm guides the detectors evolving towards those blind small areas close to self set or among self spheres. Experiments indicated the proposed system got good results. Moreover, the variable radius self sphere model produced lower false alarm rate while provided higher detection rate on DARPA99 network data set, so this data set followed the hypothesis of that model.
出处
《小型微型计算机系统》
CSCD
北大核心
2008年第6期1122-1125,共4页
Journal of Chinese Computer Systems
关键词
人工免疫系统
入侵检测
多峰值进化
可变半径Self球体模型
artificial immune systems,intrusion detection,multimodal evolution,variable radius self sphere model