摘要
提出了一种基于SOM-BMU距离度量的网络异常检测方法,该方法通过t分布,构建了被测样本到BMU距离的置信区间,当被检测样本与BMU之间的距离不在该置信区间内时,认定网络异常发生.此外,为了提高该方法的自适应性,引入了滑动窗口的操作.实验阶段,对比了基于OC-SVM的网络异常检测方法.实验表明,该方法具有较高检测率、低误报率和自适应性的特点.
A network anomaly detection method based on SOM-BMU distance metric is proposed, which constructs a confidence range for distance between the sample and its BMU under student distribution. Anomaly detection is discovered when the distance is out of confidence range. In order to improve the self-adjustment to network situation, slide-window operation is used in this method. Experimental results in contrast to anomaly detection method based on One-Class SVM show that the method proposed in this paper gets high detection rate while keeping the false positive rate in a low level. The method can adjust it-self according to current network situation.
出处
《河南师范大学学报(自然科学版)》
CAS
CSCD
北大核心
2009年第5期132-134,共3页
Journal of Henan Normal University(Natural Science Edition)
基金
河南省科技攻关项目(092102210231)
