| 基于SVM和模糊逻辑的告警相关性分析* |
| |
| 引用本文: | 张亚普,孟相如,张立,麻海圆.基于SVM和模糊逻辑的告警相关性分析*[J].计算机应用研究,2011,28(2):685-688. |
| |
| 作者姓名: | 张亚普 孟相如 张立 麻海圆 |
| |
| 作者单位: | 空军工程大学电讯工程学院,西安,710077 |
| |
| 基金项目: | 陕西省自然科学基金资助项目(SJ08F14,2009JQ8008) |
| |
| 摘 要: | 针对网络故障诊断中现有告警关联算法存在的网络动态适应性差、关联误报率高等问题,提出了一种基于支持向量机(support vector machine,SVM)和模糊逻辑的告警相关性分析算法。该算法在数据预处理部分采用滑动时间窗、时序模糊以及特征统计的方法解决了网络不确定性和数据格式规范化的问题,并通过SVM训练和识别完成相关性分析。DARPA攻击数据集测试结果表明,该算法误报、漏报率低,压缩率大,网络动态适应性好,提高了告警关联效率。
|
| 关 键 词: | 网络故障诊断 支持向量机 告警关联 模糊逻辑 |
Alarm correlation analysis based on SVM and fuzzy logic |
| |
| ZHANG Ya-pu,MENG Xiang-ru,ZHANG Li,MA Hai-yuan.Alarm correlation analysis based on SVM and fuzzy logic[J].Application Research of Computers,2011,28(2):685-688. |
| |
| Authors: | ZHANG Ya-pu MENG Xiang-ru ZHANG Li MA Hai-yuan |
| |
| Abstract: | This paper proposed an alarm correlation algorithm based on support vector machine(SVM) and fuzzy logic to solve the problems of poor dynamic adaptability, high false alarm rate and so on, which were existing in the alarm correlation of network fault diagnosis. For the problems of network uncertainty and nonstandard data formats, sliding time window,fuzzy time series and feature statistics were employed in the data pre-processing part. The alarm correlation part was realized through the training and identificating of SVM. Experiment on DARPA intrusion detection evaluation data set shows that the algorithm has lower false alarm rate,higher compression ratio and better dynamic adaptability, which improve the efficiency of alarm correlation. |
| |
| Keywords: | network fault diagnosis support vector machine alarm correlation fuzzy logic |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《计算机应用研究》浏览原始摘要信息 |
|
点击此处可从《计算机应用研究》下载全文 |
|
