摘要
由于数据挖掘、贝叶斯等传统异常检测方法仅依据网络正常行为特征而没考虑异常行为特征,致使其异常检测率偏低和误报率偏高,该文基于尖点突变模型而针对性地提出了一种新的IP网络异常行为描述模型及其检测机制。它们充分利用了尖点突变模型的多稳态性和突变性,准确地描述了网络正常行为特征和异常行为特征。最后以Kdd-Cup 99数据集为例,对比了不同机制的异常检测性能,结果显示,与贝叶斯BN和决策树C4.5等机制相比,所提出的检测机制在检测率和误报率方面都有所优势。
Some traditional anomaly detection mechanisms (such as data mining and Bayes methods) have much poorer performance in terms of detection rate and false alarm rate because they consider only the normal behavior feature of IP networks, and neglect that of the abnormal behaviors. Motivate by the situations, this paper proposed a new characterization model of abnormal behaviors, and also developed an anomaly detection mechanism based on cusp-catastrophe for IP networks. They not only make the best of the prominent features of cusp-catastrophe in terms of multiple steady states and discontinuous catastrophe, and also can describe the normal behavior features and abnormal ones. Finally under Kdd-Cup 99 datasets, the proposed mechanism is evaluated, and the evaluation result shows that its detection rate and the false detection have greatly been improved compared with BN and C4.5.
出处
《电子科技大学学报》
EI
CAS
CSCD
北大核心
2011年第6期892-897,共6页
Journal of University of Electronic Science and Technology of China
基金
国家973计划(2007CB310706
2012CB315905)
国家自然科学基金(60725104
60873263
60932005
61172048
61100184)
教育部新世纪优秀人才支持计划(NCET-09-0268)
四川省青年基金(09ZQ026-032)
广东省产学研项目(2010A090200053)
