Abstract
To detect intrusions in systems and networks more comprehensively, this paper applies information fusion to intrusion detection. First, support vector machines (SVMs) are used for classification, with host-based audit data and network-based traffic packets trained separately. Then D-S evidence theory is used to fuse the prediction results of the two SVMs at the decision level according to certain rules. Combining host-based and network-based intrusion detection will greatly improve the performance of intrusion detection, lowering the false negative rate and raising accuracy.
Source
Network Security Technology & Application (《网络安全技术与应用》)
2014, Issue 8, pp. 101-101, 105 (2 pages in total)
Keywords
intrusion detection
host-based intrusion detection
network-based intrusion detection
D-S evidence theory