【摘要】 提出了一种基于球形检测器的改进型入侵检测算法,并对其有效性进行了实验验证.为提高self和non-self之间界线划分的精确度,提出了可变半径self球体模型,在训练检测器过程中,加入对self集合数据点分布特性的考虑.模型在高斯分布的基础上估计数据点的分布密度,并据此计算各训练点相应的球体半径.实验显示:在Wine数据集和DARPA99网络数据集上,改进算法的检测能力都获得了提高;在提高DARPA99网络数据集检测率的同时,降低了误报率.结果表明:DARPA99网络数据集的分布特性符合模型的假设,而Wine数据集不符合这种假设.更多还原

【Abstract】 An improved intrusion detection algorithm is proposed, whose validity was tested by the experiments.A variable radius self sphere model is developed to locate the boundary between self and non-self more accurately to gain higher true positive and lower fulse positive,taking the distribution characteristics of training set into account while generating detectors.This model estimates the density of training data points based on Gaussian distribution,and then calculates their radius used in genetic algorithm.Experiments on Wine data set and DARPA99 network data set indicate that the modified algorithm has better detection rates.Moreover,it produces lower false alarm rate while provides higher detection rate on DARPA99,this means the distribution characteristics of DARPA99 network data set follows the hypothesis of model.Wine data set doesn′t obey that hypothesis.更多还原