摘要
网络异常行为检测是入侵检测中不可或缺的部分,单一的检测方法很难获得较好的检测结果。针对经典D-S证据理论不能有效合成高度冲突证据的不足,提出将基于改进的加权D-S证据组合方法应用到网络异常行为检测中,并融合多个SVM,建立新的入侵检测模型。该方法通过引入平均证据得到权重系数,以此区分各证据在D-S融合中的影响程度,因此能有效解决证据的高度冲突。仿真结果表明,与传统的基于D-S证据理论的异常检测相比,本模型能够有效提高融合效率,进而提高检测性能。
Network anomaly behavior detection is the important section of the intrusion detection, and it is hard for single security measure to attain good detection result. According to the evidence com- bination problem of highly conflict evidences, the paper applies an improved combination method based on weight to network anomaly behavior detection, and builds an intrusion detection model with multiple SVM classifiers. The method uses average evidences and weight value to distinguish the importance a- mong all evidences, and thus it can deal with the conflicting evidences. Simulation results show that, compared with the traditional D-S theory, the proposed model can effectively improve the integration ef- ficiency, thereby improving detection performance.
出处
《计算机工程与科学》
CSCD
北大核心
2014年第1期83-87,共5页
Computer Engineering & Science
基金
江苏省自然科学基金重点研究专项项目(BK2011003)
国家自然科学基金资助项目(61103223)
江苏省六大人才高峰基金资助项目