Journal on Communications (通信学报)

• Network Security

Research on network anomaly detection based on one-class SVM and active learning

LIU Jing, GU Lize, NIU Xinxin, YANG Yixian

  1. Information Security Center, Beijing University of Posts and Telecommunications, Beijing 100876; 2. Unit 61741 of the PLA, Beijing 100094
  • Online: 2015-11-27 Published: 2015-11-27
  • Supported by:
    National Natural Science Foundation of China (61202082, 61370194)

Abstract: A network anomaly detection method based on one-class SVM and active learning is presented. First, the original instances are used to train a one-class SVM model in an unsupervised manner. Then an active learning strategy finds the instances that are most valuable for improving anomaly detection performance, and these are labeled manually. Finally, the one-class SVM anomaly detection model is extended in a semi-supervised manner using both labeled and unlabeled data. The experimental results demonstrate that the presented method can improve performance with a small amount of labeled data and can reduce the cost of manual labeling through active learning, which makes it better suited to real network environments.

Key words: network security; anomaly detection; one-class SVM; active learning
