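In intrusion detection, the false positive rate has become an important indicator of the quality of an intrusion detection system, and how to reduce the alert false positive rate has long been an active research topic. This work studies false positive reduction by introducing the conditional random field model and proposes a method for filtering intrusion detection false positives. A single-alert feature model and a multi-alert feature model are tested, and the practical effect of the proposed method is verified under three indicators: elimination rate, false elimination rate and omitted elimination rate. The algorithm is also compared with a false positive filtering algorithm based on hidden Markov models. The tests show that the false positive filtering method based on conditional random fields performs well.

In the intrusion detection system, the false positive rate has become one of the important indicators of evaluation, and thus reducing the false positive rate has become a hot topic in research. In this paper, conditional random fields are introduced into the intrusion detection system to reduce the false positive rate. The single-alert feature model and the multi-alert feature model are compared in terms of three indexes: elimination rate, false elimination rate and omitted elimination rate. Experiments show that the proposed method has good effects and feasibility.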