入侵检测是保障网络安全的重要技术.在改进LPMC算法的基础上提出了LPMCST(Linear Prediction and MarkovChain With Time Stamp)算法.LPMCST算法采用时间戳标识,对特权进程的系统调用序列进行分段训练和检测,特别是在系统调用序列波动...入侵检测是保障网络安全的重要技术.在改进LPMC算法的基础上提出了LPMCST(Linear Prediction and MarkovChain With Time Stamp)算法.LPMCST算法采用时间戳标识,对特权进程的系统调用序列进行分段训练和检测,特别是在系统调用序列波动较大的情况下,使得模型更能反映系统实时状态,从而在保持原算法优点的基础上进一步降低了误报率和漏报率,提高了检测的准确度.展开更多
Support vector machine (SVM) technique has recently become a research focus in intrusion detection field for its better generalization performance when given less priori knowledge than other soft-computing techniques....Support vector machine (SVM) technique has recently become a research focus in intrusion detection field for its better generalization performance when given less priori knowledge than other soft-computing techniques. But the randomicity of parameter selection in its implement often prevents it achieving expected performance. By utilizing genetic algorithm (GA) to optimize the parameters in data preprocessing and the training model of SVM simultaneously, a hybrid optimization algorithm is proposed in the paper to address this problem. The experimental results demonstrate that it’s an effective method and can improve the performance of SVM-based intrusion detection system further.展开更多
文摘入侵检测是保障网络安全的重要技术.在改进LPMC算法的基础上提出了LPMCST(Linear Prediction and MarkovChain With Time Stamp)算法.LPMCST算法采用时间戳标识,对特权进程的系统调用序列进行分段训练和检测,特别是在系统调用序列波动较大的情况下,使得模型更能反映系统实时状态,从而在保持原算法优点的基础上进一步降低了误报率和漏报率,提高了检测的准确度.
基金This work was supported by the Research Grant of SEC E-Institute :Shanghai High Institution Grid and the Science Foundation ofShanghai Municipal Commission of Science and Technology No.00JC14052
文摘Support vector machine (SVM) technique has recently become a research focus in intrusion detection field for its better generalization performance when given less priori knowledge than other soft-computing techniques. But the randomicity of parameter selection in its implement often prevents it achieving expected performance. By utilizing genetic algorithm (GA) to optimize the parameters in data preprocessing and the training model of SVM simultaneously, a hybrid optimization algorithm is proposed in the paper to address this problem. The experimental results demonstrate that it’s an effective method and can improve the performance of SVM-based intrusion detection system further.