共查询到20条相似文献,搜索用时 221 毫秒
1.
基于粗糙集属性约简的SVM异常入侵检测方法 总被引:3,自引:2,他引:1
文章提出了基于粗糙集属性约简的支持向量异常入侵检测方法。为验证该方法的有效性,对实验数据集KDD99分别用粗糙集属性约简的支持向量分类方法和传统的支持向量分类方法进行实验仿真,并把两者的实验结果进行对比。实验证明,基于粗糙集属性约简的支持向量异常入侵检测方法在检测精度相当的情况下,有效的降低了检测时间并减少了存储空间。 相似文献
2.
3.
针对支持向量机理论中存在的问题:训练样本数量多以及必须满足MerCer条件等,提出了一种基于相关向量机(RVM)的网络入侵检测方法。首先采用“删除特征”法对KDD99数据集中的41个特征进行评级,筛选出针对不同入侵类型的重要特征和非重要特征,然后只选择重要特征进行匹配。结果表明,这种方法与基于支持向量机(SVM)的入侵检测模型相比,具有更高的检测率和更低的误警率。 相似文献
4.
基于QPSO的属性约简在NIDS中的应用研究 总被引:1,自引:0,他引:1
支持向量机作为一种优良的分类算法应用在网络入侵检测系统中,但是训练时间过长是它的主要缺陷.文中提出了基于量子粒子群优化的属性约简和支持向量机(SVM)的入侵检测方法,利用量子粒子群优化的属性约简算法对训练样本集进行属性约简,剔除了对入侵检测结果影响较小的冗余特征,从而使入侵检测系统在获取用户特征的时间减少,整个入侵检测系统的性能得到提高.实验结果表明,该方法是有效的. 相似文献
5.
6.
吴良海 《微电子学与计算机》2010,27(5)
构建计算机网络的入侵检测系统,对于保护网络中的信息免受各种攻击显得非常重要.为了克服支持向量机的缺点,提出了一种基于粒子群优化相关向量机(RVM)网络入侵检测方法.相关向量机是一种建立在支持向量机上的稀疏概率模型.与支持向量机相比,它不仅具有较高检测精度,还具有较好的实时性,粒子群优化算法用于确定相关向量机的核参数.最后结合试验将提出的方法同支持向量机算法、BP神经网络进行了比较,结果表明提出的相关向量机相比于支持向量机、BP神经网络有着更高的入侵精度. 相似文献
7.
8.
9.
10.
首先介绍了支持向量机及Robust支持向量机的分类算法,提出了Robust支持向量机的入侵检测的模型;并利用研究入侵检测系统的MIT’s Lincoln实验室1998年收集DARPA BSM的数据集,对Robust支持向量机和普通的支持向量机的性能进行了比较。 相似文献
11.
一种基于关联的IDS告警分析模型 总被引:1,自引:1,他引:0
针对现有入侵检测系统中存在告警量过大、误报率高的问题,运用过滤检测、相关性分析等方法,对原始告警信息进行二次处理.实验证明,该模型能有效缩减告警数量,降低误警率.同时,还能将告警结果按照危险级别进行分类统计,以图形化的方式报告给用户,从而达到预警的目的. 相似文献
12.
13.
Intrusion detection plays a key role in detecting attacks over networks, and due to the increasing usage of Internet services, several security threats arise. Though an intrusion detection system (IDS) detects attacks efficiently, it also generates a large number of false alerts, which makes it difficult for a system administrator to identify attacks. This paper proposes automatic fuzzy rule generation combined with a Wiener filter to identify attacks. Further, to optimize the results, simplified swarm optimization is used. After training a large dataset, various fuzzy rules are generated automatically for testing, and a Wiener filter is used to filter out attacks that act as noisy data, which improves the accuracy of the detection. By combining automatic fuzzy rule generation with a Wiener filter, an IDS can handle intrusion detection more efficiently. Experimental results, which are based on collected live network data, are discussed and show that the proposed method provides a competitively high detection rate and a reduced false alarm rate in comparison with other existing machine learning techniques. 相似文献
14.
15.
The main objective of this paper is to design a more complete intrusion detection system solution. The paper presents an efficient approach for reducing the rate of alerts using divided two-part adaptive intrusion detection system (DTPAIDS). The proposed DTPAIDS has a high degree of autonomy in tracking suspicious activity and detecting positive intrusions. The proposed DTPAIDS is designed with the aim of reducing the rate of detected false positive intrusion through two achievements. The first achievement is done by implementing adaptive self-learning neural network in the proposed DTPAIDS to gives it the ability to be automatic adaptively system based on Radial Basis Functions (RBF) neural network. The second achievement is done through dividing the proposed intrusion detection system IDS into two parts. The first part is IDS1, which is installed in the front of firewall and responsible for checking each entry user’s packet and deciding if the packet considered is an attack or not. The second is IDS2, which is installed behind the firewall and responsible for detecting only the attacks which passed the firewall. This proposed approach for IDS exhibits a lower false alarm rate when detects novel attacks. The simulation tests are conducted using DARPA 1998 dataset. The experimental results show that the proposed DTPAIDS [1] reduce false positive rate, [2] detects intrusion occurrence sensitively and precisely, [3] accurately self–adapts diagnoser model, thus improving its detection accuracy. 相似文献
16.
17.
Tu Hoang Nguyen Jiawei Luo Humphrey Waita Njogu 《International Journal of Network Management》2014,24(3):153-180
Intrusion detection systems (IDSs) often trigger a huge number of unnecessary alerts. Managing the overwhelming number of alerts, especially from multiple IDS products, is a concern to every security analyst. Analyzing and evaluating these alerts is a difficult task that frustrates the effort of analysts. In fact, true alerts are usually buried under heaps of false alerts. We have identified several research gaps in the existing alert management approaches that need to be addressed, especially when handling alerts from different IDS products. In this work, we present an efficient alert management approach that reduces the unnecessary alerts produced by different IDS products using two main modules: an enhanced alert verification module that validates alerts with vulnerability assessment data; and an enhanced alert aggregator module that reduces redundant alerts and presents them in the form of meta alerts. Finally, we have carried out experiments in our test bed and recorded impressive results in terms of high accuracy and low false positive rate for multiple IDS products. Copyright © 2014 John Wiley & Sons, Ltd. 相似文献
18.
有指导的入侵检测方法研究 总被引:5,自引:0,他引:5
基于一种用于混合属性数据的距离定义和改进的最近邻分类方法,提出了一种基于聚类的有指导的入侵检测方法。该方法首先利用一趟聚类算法对训练集进行聚类,再利用数据的标识和少数服从多数的原则将聚类标识为“正常”或“攻击”,以标识的聚类作为分类模型对数据进行分类。理论分析表明提出的检测方法关于数据集大小和属性个数具有近似线性时间复杂度。不同于一般的有指导的入侵检测方法,改进的最近邻方法从理论上保证了该方法对未知入侵有一定的检测能力。在KDDCUP99数据集上的测试结果表明,该方法有高的检测率和低的误报率。 相似文献
19.
Khalid Alsubhi Issam Aib Raouf Boutaba 《International Journal of Network Management》2012,22(4):263-284
Intrusion detection systems (IDSs) are designed to monitor a networked environment and generate alerts whenever abnormal activities are detected. The number of these alerts can be very large, making their evaluation by security analysts a difficult task. Management is complicated by the need to configure the different components of alert evaluation systems. In addition, IDS alert management techniques, such as clustering and correlation, suffer from involving unrelated alerts in their processes and consequently provide results that are inaccurate and difficult to manage. Thus the tuning of an IDS alert management system in order to provide optimal results remains a major challenge, which is further complicated by the large spectrum of potential attacks the system can be subject to. This paper considers the specification and configuration issues of FuzMet, a novel IDS alert management system which employs several metrics and a fuzzy‐logic based approach for scoring and prioritizing alerts. In addition, it features an alert rescoring technique that leads to a further reduction in the number of alerts. Comparative results between SNORT scores and FuzMet alert prioritization onto a real attack dataset are presented, along with a simulation‐based investigation of the optimal configuration of FuzMet. The results prove the enhanced intrusion detection accuracy brought by our system. Copyright © 2011 John Wiley & Sons, Ltd. 相似文献
20.
考虑置信度的告警因果关联的研究 总被引:2,自引:2,他引:0
一个成功的网络攻击往往由若干个处于不同阶段的入侵行为组成,较早发生的入侵行为为下一阶段的攻击做好准备。在因果关联方法中,可以利用入侵行为所需的攻击前提和造成的攻击结果,重构攻击者的攻击场景。论文引入了告警关联置信度的属性描述,用于分析因果关联结果的可信度,进而能够进一步消除虚假关联关系。通过DARPA标准数据集分析,该方法取得了较好的实验结果。 相似文献