
Application of relative entropy density divergence in intrusion detection models (cited by: 1)
Abstract: To choose the better anomaly detection model based on the training data in an intrusion detection system (IDS), this paper uses the relative entropy density divergence as a measure between models. By analyzing the difference between the model's distribution and the real distribution of the training data, and relying on the dependence within the original data itself, a better suited detection model can be selected using less data. The experimental results show that, for the given data, the hidden Markov model (HMM) is better than the Markov chain model (MCM).
Source: Computer Engineering and Applications (《计算机工程与应用》), CSCD, Peking University Core, 2009, No. 13, pp. 20-22 (3 pages)
Funding: National Natural Science Foundation of China (No. 60577039); Tianjin Science and Technology Development Program Fund (No. 05YFGZGX24200)
Keywords: intrusion detection; relative entropy density divergence; anomaly detection

