摘要
为提高网络异常检测中数据对象异常程度的度量精度,降低复杂网络环境中噪声数据对于算法检测准确率的影响,将基于邻域关系定义的相对邻域熵引入到直推信度机的算法框架中,提出一种在相对领域熵基础上的直推式网络异常检测算法TCM-RNE。该算法利用相对邻域信息熵作为度量数据对象异常程度的工具,重新定义离群度,有效提高算法检测性能和抗噪性能。在KDD Cup数据集上的实验结果表明,与TCM-KNN算法相比,该算法在保证相同检测准确率的同时,降低了误测率,且在噪声干扰环境下具有更优的抗噪性能。
In order to further improve the accuracy of measuring outlier degree of data samples in Network Anomaly Detection(NAD),and to reduce the impact of noisy data on the algorithm’s detection accuracy in complex network environment,this paper proposes a network anomaly detection algorithm based on relative neighborhood entropy,called Transductive Confidence Machines for Relative Neighborhood Entropy(TCM-RNE).The algorithm redefines the outlier degree and uses the neighborhood entropy as a new tool to measure the outlier degree,to improve the detection accuracy and noise immunity of the rithm.Experimental results based on KDD Cup dataset show that the TCM-RNE improves the False Positive(FP) rate considerably and maintains a good True Positive(TP)rate,compared with the TCM-KNN algorithm.In addition,when providing training dataset contaminated by noisy data,the proposed algorithm still holds very good detection performance.
出处
《计算机工程》
CAS
CSCD
北大核心
2015年第8期132-139,共8页
Computer Engineering
基金
国家自然科学基金资助项目(51367014
61070139)
江西省自然科学基金资助项目(20142BAB207011
20142BAB217016)
江西省青年科学家培养计划基金资助项目(20112BCB23004)
江西省科技支撑计划基金资助重点项目(20111BBE50008)
江西省教育厅科技计划基金资助项目(GJJ14770)
关键词
网络异常检测
直推式信度机
邻域关系
相对邻域熵
奇异值
Network Anomaly Detection(NAD)
Transductive Confidence Machine(TCM)
neighborhood relation
Relative Neighborhood Entropy(RNE)
strangeness value
