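Abstract
The rapid development and spread of computer networks, especially the Internet, has made information security an important research topic of global concern. As attack techniques keep advancing and being updated, an effective intrusion detection technique is urgently needed to protect the security of information systems. Because almost all attacks and abuses are recorded in a system's network data, an intrusion detection system can be built on the network data of a computer system. Based on in-depth analysis and study of network data, a one-class support vector machine model for intrusion detection is proposed. First, a one-class support vector machine model suited to outlier detection is constructed; second, the model is trained on abstracted network data to determine the values of its parameters. Experiments show .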
With the tremendous growth of the Internet, information security has become a serious issue of global concern. As attack techniques are constantly advancing and being updated, developing effective intrusion detection methods has become much more urgent in order to assure computer and information security. Since most attacks and abuses can be recognized by examining system audit log files and analyzing the patterns in them, an approach to intrusion detection can be built on that basis. Based on an in-depth analysis of attack and abuse patterns in log files, a model using a support vector machine for anomaly detection is proposed. First, the one-class support vector machine (SVM) is improved into a model adapted to intrusion detection. Second, the model is trained on abstracted data to determine its various parameters. Experimental results show that it is an effective approach.
Source
《中国安全科学学报》
CAS
CSCD
2003, Issue 6, pp. 72-75 (4 pages)
China Safety Science Journal