Chinese Journal of Network and Information Security, 2016, Vol. 2, Issue 8: 68-73. doi: 10.11959/j.issn.2096-109x.2016.00092

• Academic paper •

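Anomaly intrusion detection based on modified SVM

Hui ZHANG¹, Cheng LIU²

  1. Special Reconnaissance Team of Xinjiang Public Security Bureau, Urumqi 830000, China
  2. National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029, China
  • Revised: 2016-07-23 Online: 2016-08-01 Published: 2017-06-04
  • About the authors: Hui ZHANG (1979-), female, born in Zhenping, Henan, holds a master's degree and is a technical grade-8 engineer with the Special Reconnaissance Team of Xinjiang Public Security Bureau. Her main research interests are network and information security and network reconnaissance technology. | Cheng LIU (1985-), male, born in Shaoyang, Hunan, holds a Ph.D. and is a senior engineer at the National Computer Network Emergency Response Technical Team/Coordination Center of China. His main research interests are network and information security and network attack and defense technology.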

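Abstract (Chinese version):

Non-parametric tests are used to extract the feature variables that significantly affect the classification result, and an improved SVM multi-classification method (D-SVM) is proposed. It integrates discriminant analysis and can solve the problems of inaccurate classification and high false alarm rate caused by unbalanced samples. By treating a multi-classification problem as a series of binary classification problems, D-SVM keeps the good classification accuracy of SVM while remaining unaffected by sample imbalance, and it has a low false alarm rate. D-SVM is applied to the KDD99 dataset, and the results show that the method has high classification accuracy and a low false alarm rate.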

Abstract:

A modified SVM multi-classification algorithm integrated with discriminant analysis (D-SVM) was proposed, which could solve the problem of low detection accuracy and high false alarm rate caused by unbalanced datasets. Because a multi-classification problem can be divided into several binary classification problems, D-SVM not only retains the high detection accuracy of SVM but also keeps a low false alarm rate even when confronted with unbalanced datasets. Experiments based on the KDD99 dataset verify the feasibility and validity of the integrated approach. Results show that, when confronted with multi-classification problems, D-SVM can achieve high detection accuracy and a low false alarm rate even when SVM alone fails because of the unbalanced datasets.

Key words: anomaly detection, non-parametric test, SVM classifier, unbalanced datasets, discriminant analysis
