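Abstract
Most existing anomaly detection systems divide data into only two classes, normal and abnormal, which may lose important information. The goal of feature selection is to reduce the redundant features used for anomaly detection while remaining highly consistent with the original features. An anomaly detection technique based on feature selection and multi-class support vector machines is implemented. The feature selection method combines rough sets, SVDF, LGP and MARS. A multi-class support vector machine is then used to divide the data into five classes. Experimental analysis shows that DoS attacks have the highest false negative rate relative to the other 3 kinds of attack.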
Most intrusion detection systems divide data into two classes, normal and abnormal, and may therefore lose some important information. The goal of feature selection is to decrease the redundant features for anomaly detection while maintaining the same high accuracy as the original features. The paper proposes an anomaly intrusion detection technique based on feature selection and multi-class support vector machines (SVM). The feature selection method merges RS, SVDF, LGP and MARS. The data is then divided into five classes by the multi-class SVM. The experimental results demonstrate that the false positive rate of DoS is the highest among the four methods.
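Source
Journal on Communications (《通信学报》)
EI
CSCD
PKU Core (北大核心)
2009, Issue S1, pp. 68-73 (6 pages)
Funding
Supported by a special project of the Fujian Provincial Department of Science and Technology (2007F5071)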
Keywords
anomaly detection
rough set
support vector machine
multi-class classification
feature selection
attribute selection