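This paper studies network security. When features are extracted from network anomaly intrusion detection data, traditional anomaly intrusion detection algorithms overfit on small samples: training accuracy is high but prediction accuracy is low, which produces false positives and missed detections. To address this, a network anomaly intrusion detection method based on the support vector machine (SVM) is proposed. In this method, grid search is used to find the optimal SVM parameters, the network anomaly intrusion training samples are learned with those parameters to obtain the optimal anomaly intrusion detection model, and the model is then used to predict on intrusion detection data. Simulations were run on data sets from DARPA, the standard database for network anomaly intrusion detection. The results show that with small-sample data the SVM achieves high network intrusion detection accuracy and good real-time performance, making it an efficient network anomaly intrusion detection method with low false positive and missed detection rates.

The Intrusion Detection System (IDS) has become an important part of network security. However, traditional anomaly detection depends heavily on large training samples to reach high detection precision, and sufficient training data is difficult to obtain in a real network environment. Current network intrusion detection has high false positives and false alarms, so prediction accuracy is quite unsatisfactory. The support vector machine (SVM) is a machine learning method based on the theory of statistics. The framework model proposed in this paper is an intrusion detection system based on the support vector machine. Taking advantage of the guaranteed estimators, we worked out a solution to determine the size of the training set, avoiding blind estimations made only via experiments. A comparison of detection ability between the above detection method and a BP neural network shows that the intrusion detection system based on the support vector machine can effectively detect intrusions and can dramatically shorten the training time for DARPA data. The application results show that this new method is effective at discovering anomalies in intrusion detection systems.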