Research on extended D-S theory in network anomaly detection (cited by: 3)
Abstract: Network anomaly detection is an important part of an intrusion detection system. However, traditional network anomaly detection methods suffer from problems such as a high false positive rate and the inability of a single detection algorithm to cover multiple types of intrusion behaviour. A distributed network anomaly detection model that fuses multiple classifiers, together with its fusion method, is proposed based on an improved D-S evidence theory. Because classical D-S evidence theory gives unreasonable results when the pieces of evidence conflict, an improved D-S evidence theory with weights is adopted, and a new fusion strategy is proposed that fuses multiple classifiers to build the anomaly detection model. The model is verified on the KDD99 data set, and the experiments show that the proposed model and method can markedly reduce the false positive rate of network anomaly detection while improving the detection rate.
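Authors: 王宏 (Wang Hong), 刘渊 (Liu Yuan)
Source: Computer Engineering and Applications (《计算机工程与应用》), CSCD, Peking University Core Journal, 2011, No. 34, pp. 117-121 (5 pages)
Funding: Science and Technology Support Program of the Jiangsu Provincial Department of Science and Technology (No. BE2009009); Jiangnan University Independent Research Program (No. JUSRP30909)
Keywords: D-S evidence theory; anomaly detection; data fusion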