网络连接记录时间窗实验研究

Experimental Research on Time Window of Network Connection Records

首先阐明了特征属性的选择直接影响分类模型的精度和对入侵数据检测的准确性,而特征属性的选取又与先验知识和原始数据有着密切的联系。在构造出一个合适的特征属性集的基础上,通过改变时间窗口的大小,分析研究了错误分类率和时间窗的关系,得出一个比较理想的时间窗口,该窗口能够有效地提高异常检测模型对未知攻击的检测能力。分析了各个实验结果的差别和形成的原因。

By means of changing time window size and analyzing the relation of class fiction rate and the time window,a satisfactory time window was obtained. The difference of each experiment result and reason of its generation was analyzed. It was found that the feature selection directly affects the classification model precision and detection accuracy for intrusion data,and the selection of features has intimate touch with prior knowledge and initial data.