| 一种基于置信度的异常检测模型与设计 |
| |
| 引用本文: | 周晔,杨天奇. 一种基于置信度的异常检测模型与设计[J]. 计算机仿真, 2005, 22(1): 167-169 |
| |
| 作者姓名: | 周晔 杨天奇 |
| |
| 作者单位: | 暨南大学计算机系,广东,广州,510632;暨南大学计算机系,广东,广州,510632 |
| |
| 基金项目: | 暨南大学自然科学基金 ( 2 0 0 3 0 2 3 ) |
| |
| 摘 要: | 入侵检测系统一直以来都是多层安全体系架构不可或缺的一部分。异常检测试图判定程序当前行为与已建立的正常的运行模式是否发生较大偏移来判断入侵的发生,能有效地识别未知的入侵模式,具有较高的检测率。传统的检测方式通常将结果判定为真或假,并由于各种因素的影响而产生了伪肯定和伪否定。通过将网络行为的可能攻击程度描述为连续量,并分析检测规则的置信度和网络行为的可能攻击程度之间存在的关系,以检测规则的置信度来判定是攻击行为的可能性,提出了一种基于置信度的异常检测模型。
|
| 关 键 词: | 异常检测 关联规则 序列模式挖掘 置信度 |
| 文章编号: | 1006-9348(2005)01-0167-03 |
| 修稿时间: | 2004-04-24 |
Model and Design of Anomaly Detection Based on Confidence |
| |
| ZHOU Ye,YANG Tian-qi. Model and Design of Anomaly Detection Based on Confidence[J]. Computer Simulation, 2005, 22(1): 167-169 |
| |
| Authors: | ZHOU Ye YANG Tian-qi |
| |
| Abstract: | Intrusion Detection Systems have long been recognized as a necessary component of a multilayered security architecture. Anomaly detection attempts to compare current program behavior with normal program' profile produced in advance and automatically detects any deviation from it, identify new types of intrusions as deviations from normal usage, hence it has high detection rate. Traditional detection method depicts result with true of false simply,because of all kinds of factors ,False positives and false negatives exists all the time.Characterizing network action's attack possibility by consecutive variable, analyzing the relationship between the confidence of the detection rules and possibility of that a network action is an attack, we provide a model of anomaly detection based on confidence by using confidence of a detection rule to judge the network action. |
| |
| Keywords: | Anomaly detection Association rule Sequential pattern mining Confidence |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
