计算机应用 (Journal of Computer Applications) ›› 2010, Vol. 30 ›› Issue (07): 1771-1774.
• Information Security •
张亚玲¹, 韩照国², 任姣霞¹
Abstract: A low detection rate, a high false alarm rate and a limited range of detectable attacks have become the biggest obstacles to the development of network anomaly detection. To raise the detection rate, lower the false alarm rate and widen the range of detectable attacks, a new network anomaly detection method is proposed. First, network traffic is analysed statistically and relative entropy theory is introduced to characterize the full-probability event space of each measure. Second, the relative entropies of multiple measures are fused with weighted coefficients to obtain a weighted relative entropy. Finally, this comprehensive multi-measure weighted relative entropy is used as the criterion for judging whether the network is anomalous. Experiments on the DARPA 1999 intrusion detection evaluation data set show that the detector achieves a higher detection rate at a lower false alarm rate, and that its results are better than those of other methods.
Key words: intrusion detection, anomaly detection, relative entropy theory, evaluation data
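The three steps in the abstract (a per-measure reference distribution over a full probability space, relative entropy of each measure between a detection window and the baseline, and weighted fusion of those entropies into one decision score) can be shown concretely. The following Python is an added illustration written for this page, not the authors' code; the choice of measures (destination port, protocol, TCP flags), the weighted coefficients, the threshold, the catch-all "other" event with add-one smoothing, and the flow records are all assumptions, and the traffic is constructed inline rather than taken from DARPA 1999.

```python
"""Multi-measure weighted relative entropy anomaly scoring (added illustration).

Each measure (destination port, protocol, TCP flags) is treated as a discrete
random variable. Baseline traffic defines the reference distribution Q over the
measure's event space, a detection window defines P, and D(P || Q) is that
measure's relative entropy. Per-measure divergences are fused with weighted
coefficients and compared with a threshold. Measures, weights, threshold and
the flow records below are assumptions, not values from the paper.
"""
from collections import Counter
import math

# Catch-all event: values never seen in the baseline map here, so the event
# space is a full probability space and unseen values still carry mass.
OTHER = "__other__"


def relative_entropy(p, q):
    """D(P || Q) in bits over a shared event space; every q[x] must be > 0."""
    return sum(p[x] * math.log2(p[x] / q[x]) for x in p if p[x] > 0)


def smoothed_distribution(values, support):
    """Add-one (Laplace) smoothed empirical distribution over `support`.

    Values outside the support are folded into OTHER. Smoothing keeps every
    event strictly positive, so D(P || Q) is always finite.
    """
    counts = Counter(v if v in support else OTHER for v in values)
    total = len(values) + len(support)
    return {x: (counts.get(x, 0) + 1) / total for x in support}


class WeightedRelativeEntropyDetector:
    """Fuse the relative entropies of several traffic measures into one score."""

    def __init__(self, weights, threshold):
        if not math.isclose(sum(weights.values()), 1.0):
            raise ValueError("weighted coefficients should sum to 1")
        self.weights = weights        # measure name -> weighted coefficient
        self.threshold = threshold    # weighted score above this => anomaly
        self.supports = {}
        self.baseline = {}

    def fit(self, flows):
        """Learn each measure's event space and reference distribution Q."""
        for m in self.weights:
            values = [f[m] for f in flows]
            self.supports[m] = frozenset(values) | {OTHER}
            self.baseline[m] = smoothed_distribution(values, self.supports[m])
        return self

    def score(self, flows):
        """Return (weighted relative entropy, per-measure relative entropies)."""
        per_measure = {}
        for m in self.weights:
            p = smoothed_distribution([f[m] for f in flows], self.supports[m])
            per_measure[m] = relative_entropy(p, self.baseline[m])
        total = sum(w * per_measure[m] for m, w in self.weights.items())
        return total, per_measure

    def is_anomalous(self, flows):
        return self.score(flows)[0] > self.threshold


def flow(dst_port, proto, flags):
    return {"dst_port": dst_port, "proto": proto, "flags": flags}


# Constructed sample traffic (not DARPA 1999 data): a baseline of ordinary
# web/DNS/mail flows, a normal window with the same mix, and a port-sweep
# window whose destination ports and flags fall outside the baseline events.
BASELINE = ([flow(80, "tcp", "SA")] * 50 + [flow(443, "tcp", "SA")] * 30
            + [flow(53, "udp", "-")] * 15 + [flow(25, "tcp", "SA")] * 5)
NORMAL_WINDOW = ([flow(80, "tcp", "SA")] * 10 + [flow(443, "tcp", "SA")] * 6
                 + [flow(53, "udp", "-")] * 3 + [flow(25, "tcp", "SA")])
SCAN_WINDOW = [flow(port, "tcp", "S") for port in range(1, 21)]

# Assumed weighted coefficients and threshold; the paper's values are not on this page.
DETECTOR = WeightedRelativeEntropyDetector(
    weights={"dst_port": 0.5, "proto": 0.2, "flags": 0.3}, threshold=1.0
).fit(BASELINE)


if __name__ == "__main__":
    for name, window in (("normal", NORMAL_WINDOW), ("scan", SCAN_WINDOW)):
        total, parts = DETECTOR.score(window)
        verdict = "ANOMALY" if DETECTOR.is_anomalous(window) else "normal"
        print(f"{name:7s} weighted D = {total:.3f} bits  {verdict}  {parts}")
```

With this data the normal window scores a few hundredths of a bit (the residual comes from smoothing alone), while the sweep window scores several bits because both the port and flag distributions concentrate on events the baseline never saw; the per-measure values returned by `score` show which measure drove the decision, which is the practical advantage of fusing measures over a single-measure detector.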
张亚玲, 韩照国, 任姣霞. A multi-measure network anomaly detection method based on relative entropy theory [J]. 计算机应用 (Journal of Computer Applications), 2010, 30(07): 1771-1774.
Link to this article: http://www.joca.cn/CN/Y2010/V30/I07/1771