一种基于混合分类器的异常检测模型

针对网络的异常检测方法对未知攻击难以提供更多有用信息的缺点,提出一种基于分类器的异常检测模型。模型首先采用支持向量机对网络连接进行异常检测,然后将检测获得的异常作为输入进入聚类模块以得到其更多信息,其中聚类模块由自组织映射算法与信息获取算法共同完成。通过对检测到的异常进行信息获取的方法可以获得未知入侵的更多有价值的信息。最后应用kddcup99数据集进行仿真实验,实验结果表明,该检测模型具有较好的检测率和较低的误报率,并且该模型对于获得未知入侵的更多信息是有效的。

Anomaly Detection Model Based on Hybrid Classifiers

In view of the disadvantage,of an anomaly detection which can not provide more useful information about the unknown intrusions,an anomaly detection model based on hybrid SVM/SOM was proposed.At first,support vector machine(SVM) was used to detect anomalous connections,and then the detected anomalies were as input of the clustering module to get more information.The clustering module consisted of self-organizing map(SOM) algorithm and information acquisition algorithm.Through the method of acquire information about the detected anomalies,more valuable information about the unknown intrusions could be obtained.Finally,the kddcup99 data sets were used for simulation.The experimental results show that the detection model has a better detection efficiency and low false alarm rate,and the model for getting information of unknown intrusions is valid.