| 基于支持向量机的异常检测 |
| |
| 引用本文: | 谭小彬,奚宏生,王卫平,殷保群.基于支持向量机的异常检测[J].中国科学技术大学学报,2003,33(5):599-605. |
| |
| 作者姓名: | 谭小彬 奚宏生 王卫平 殷保群 |
| |
| 作者单位: | 1. 中国科学技术大学自动化系,合肥,230027
2. 中国科学技术大学商学院,合肥,230026 |
| |
| 摘 要: | 提出一种使用支持向量机(SVM)进行计算机系统实时异常检测的方法,内容涉及到一种对支持向量机方法的改进算法、对数据预处理的方法及SVM核函数的选取.试验结果表明采用这一算法进行入侵检测具有准确率高、计算简单、占用的存储空间小等优点.
|
| 关 键 词: | 入侵检测 异常检测 支持向量机(SVM) 系统调用序列 |
| 文章编号: | 0253-2778(2003)05-0599-07 |
| 修稿时间: | 2002年9月19日 |
Anomaly Detection Based on SVM |
| |
| TAN Xiao-bin ,XI Hong-sheng ,WANG Wei-ping ,YIN Bao-qun.Anomaly Detection Based on SVM[J].Journal of University of Science and Technology of China,2003,33(5):599-605. |
| |
| Authors: | TAN Xiao-bin XI Hong-sheng WANG Wei-ping YIN Bao-qun |
| |
| Institution: | TAN Xiao-bin 1,XI Hong-sheng 1,WANG Wei-ping 2,YIN Bao-qun 1 |
| |
| Abstract: | A key component of computer security techniques, intrusion detection has gotten more and more attention. An overview of our research on anomaly detection is presented, which uses system call traces as audit data. It is focused on issues related to constructing a support vector machine(SVM) for detecting intrusion or misuse of computers, and introduce an improved algorithm for SVM. A method for the pretreatment of audit data is given, and the choice of kernel function is discussed. To improve performance, the sequential minimal optimization(SMO) as the update algorithm for the SVM is used. This method is not only useful in theory, but also can be used in practice to monitor the computer system in real time. |
| |
| Keywords: | intrusion detection anomaly detection support vector machine(SVM) system calls trace |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
