摘要
在互联网流量中,大部分网络数据是正常用户的访问数据,只有很小的一部分是攻击数据。针对这一点,文中通过对SVM的深入研究,结合C-SVM模型与One-class SVM模型的优点,提出了一种高精度且拥有无监督特性的模型One Class Enhanced SVM(ONE-ESVM),该模型很适合入侵检测某类数据量比例很大而其他类型的数据量比例较小的场景。文中通过CSE-CIC-IDS2018数据集对该模型进行了验证,结果表明,ONE-ESVM除了拥有One-class SVM的无监督特性外,其预测正确率最高能达到95.81%,误报率最低至0.49%,其性能足以满足网络入侵检测系统的需求。
In Internet traffic,most of the network data is the access data of normal users,and only a small part is the attack data.In view of this,this paper proposes a high-precision model with unsupervised characteristics,One Class Enhanced SVM(ONE-ESVM),through in-depth research on SVM and combining the advantages of the C-SVM model and the One-class SVM model.This model is suitable for the scenario of intrusion detection in which a certain type of data has a large proportion while other types have a small proportion of data.The model is verified by the CSE-CIC-IDS 2018 data set in this paper.The results show that in addition to the unsupervised feature of One-class SVM,the prediction accuracy of One-ESVM can reach 95.81%and the false alarm rate can be as low as 0.49%.The performance is sufficient to meet the requirements of network intrusion detection system.
作者
胡希文
彭艳兵
HU Xiwen;PENG Yanbing(Wuhan Research Institute of Posts and Telecommunications,Wuhan 430070,China;Nanjing FiberHome Tiandi Co.,Ltd.,Nanjing 210019,China)
出处
《电子设计工程》
2021年第20期86-91,共6页
Electronic Design Engineering
