共查询到19条相似文献,搜索用时 62 毫秒
1.
为解决传统网络异常流量特征选择方法存在的准确率与效率较低问题,提出一种基于集成分类器的网络异常流量特征选择模型设计方法.仿真实验中以误报率、阳性似然比、约登指数等作为评估指数指标,结果表明所提出的模型设计方法的各个指标数值均优于传统方法,证明该方法的计算速度较快、准确度较高. 相似文献
2.
3.
最大信息熵原理已被成功地应用于各种自然语言处理领域,如机器翻译、语音识别和文本自动分类等,提出了将其应用于互联网异常流量的分类。由于最大信息熵模型利用二值特征函数来表达和处理符号特征,而KDD99数据集中存在多种连续型特征,因此采用基于信息熵的离散化方法对数据集进行预处理,并利用CFS算法选择合适的特征子集,形成训练数据集合。最后利用BLVM算法进行参数估计,得到满足最大熵约束的指数形式的概率模型。通过实验,比较了最大信息熵模型和Naive Bayes、Bayes Net、SVM与C4.5决策树方法之间的精度、召回率、F-Measure,发现最大信息熵模型具有良好的综合性能,尤其在训练数据集样本数量有限的情况下仍然能保持较高的分类精度,在实际应用中具有广阔的前景。 相似文献
4.
5.
6.
7.
针对现有方法仅分析粗粒度的网络流量特征参数,无法在保证检测实时性的前提下识别出拒绝服务(DoS)和分布式拒绝服务(DDoS)的攻击流这一问题,提出一种骨干网络DoS&DDoS攻击检测与异常流识别方法。首先,通过粗粒度的流量行为特征参数确定流量异常行为发生的时间点;然后,在每个流量异常行为发生的时间点对细粒度的流量行为特征参数进行分析,以找出异常行为对应的目的IP地址;最后,提取出与异常行为相关的流量进行综合分析,以判断异常行为是否为DoS攻击或者DDoS攻击。仿真实验的结果表明,基于流量行为特征的DoS&DDoS攻击检测与异常流识别方法能有效检测出骨干网络中的DoS攻击和DDoS攻击,并且在保证检测实时性的同时,准确地识别出与攻击相关的网络流量 相似文献
8.
软件定义网络(software defined networking,简称SDN)是一种新型的网络架构.SDN将控制层从数据层分离并开放网络接口,以实现网络集中控制并提高网络的可扩展性和编程性.但是SDN也面临诸多的网络安全威胁.异常流量检测技术可以保护网络安全,防御恶意流量攻击.对SDN异常流量检测进行了全面的研究,归纳了数据平面和控制平面可能遭受到的网络攻击;介绍并分析了位于应用平面、控制平面和中间平台的异常流量检测框架;探讨了异常流量识别机制、负载均衡机制、异常流量追溯机制和异常缓解机制;最后指明SDN异常流量检测在未来工作中的研究方向. 相似文献
9.
决策树算法是数据挖掘领域的一个研究热点,通常用来形成分类器和预测模型,在实际中有着广泛的应用。重点阐述了经典的ID3决策树算法,分析了它的优缺点,结合泰勒公式和麦克劳林公式提出了新的属性选择标准。改进后的算法通过简化信息熵的计算,提高了分类准确度,缩短了决策树的生成时间,减少了计算成本。实验证明,改进后算法的有效性和正确性。 相似文献
10.
针对在NetFlow数据流的环境中,如何解决海量数据识别的问题,提出基于K层特征模型的异常流量识别算法。采用优先级策略依次打开索引表,读取异常行为,并与异常行为的特征值逐条匹配,匹配成功作标记,确定异常行为类型。实验结果表明,该算法能够快速有效地识别异常数据流,提高了海量数据识别的实效性,有效地解决了网络安全问题,达到设计目标。 相似文献
11.
基于遗传算法的入侵检测特征选择* 总被引:1,自引:0,他引:1
针对入侵检测日志数据存在大量不相关特征和冗余特征,导致入侵检测数据集维数较高,检测算法实时性较低的问题,提出一种基于遗传算法的入侵检测特征选择算法。首先删除入侵检测数据集中的不相关特征及冗余特征,构建有效特征集L,并通过偏F检验对特征进一步选择,构成待优化特征集L’;然后采用遗传算法对L’进行优化选择,选出最能反映系统状态的特征集L″。仿真实验结果证明,该算法在保证特征分类精度和确保入侵检测漏检率、误检率尽量小的前提下明显提高了入侵检测的效率。 相似文献
12.
针对入侵检测系统要求检测率和误报率均衡优化,提出一种由顺序搜索策略改进的多目标进化算法,对特征空间进行压缩,以选择最优特征子集。实验结果表明,改进的多目标进化算法实现了检测率与误报率的均衡优化,较好地提高了入侵检测系统的性能。 相似文献
13.
14.
Genetic algorithms (GAs) have been used as conventional methods for classifiers to adaptively evolve solutions for classification problems. Feature selection plays an important role in finding relevant features in classification. In this paper, feature selection is explored with modular GA-based classification. A new feature selection technique, relative importance factor (RIF), is proposed to find less relevant features in the input domain of each class module. By removing these features, it is aimed to reduce the classification error and dimensionality of classification problems. Benchmark classification data sets are used to evaluate the proposed approach. The experiment results show that RIF can be used to find less relevant features and help achieve lower classification error with the feature space dimension reduced. 相似文献
15.
16.
17.
基于带特征染色体遗传算法的支持向量机特征选择和参数优化 总被引:2,自引:0,他引:2
鉴于支持向量机特征选择和参数优化对其分类准确率有重大的影响,将支持向量机渐近性能融入遗传算法并生成特征染色体,从而将遗传算法的搜索导向超参数空间中的最佳化误差直线.在此基础上,提出一种新的基十带特征染色体遗传算法的方法,同时进行支持向量机特征选择和参数优化.在与网格搜索、不带特征染色体遗传算法和其他方法的比较中,所提出的方法具有较高的准确率、更小的特征子集和更少的处理时间. 相似文献
18.
There is significant interest in the network management community about the need to identify the most optimal and stable features for network traffic data. In practice, feature selection techniques are used as a pre-processing step to eliminate meaningless features, and also as a tool to reveal the set of optimal features. Unfortunately, such techniques are often sensitive to a small variation in the traffic data. Thus, obtaining a stable feature set is crucial in enhancing the confidence of network operators. This paper proposes an robust approach, called the Global Optimization Approach (GOA), to identify both optimal and stable features, relying on multi-criterion fusion-based feature selection technique and an information-theoretic method. The proposed GOA first combines multiple well-known FS techniques to yield a possible optimal feature subsets across different traffic datasets; then the proposed adaptive threshold, which is based on entropy to extract the stable features. A new goodness measure is proposed within a Random Forest framework to estimate the final optimum feature subset. Experimental studies on network traffic data in spatial and temporal domains show that the proposed GOA approach outperforms the commonly used feature selection techniques for traffic classification task. 相似文献
19.
The problem of traffic sign recognition is generally approached by first constructing a classifier, which is trained by some relevant image features extracted from traffic signs, to recognize new unknown traffic signs. Feature selection and instance selection are two important data preprocessing steps in data mining, with the former aimed at removing some irrelevant and/or redundant features from a given dataset and the latter at discarding the faulty data. However, there has thus far been no study examining the impact of performing feature and instance selection on traffic sign recognition performance. Given that genetic algorithms (GA) have been widely used for these types of data preprocessing tasks in related studies, we introduce a novel genetic-based biological algorithm (GBA). GBA fits “biological evolution” into the evolutionary process, where the most streamlined process also complies with reasonable rules. In other words, after long-term evolution, organisms find the most efficient way to allocate resources and evolve. Similarly, we closely simulate the natural evolution of an algorithm, to find an option it will be both efficient and effective. Experiments are carried out comparing the performance of the GBA and a GA based on the German Traffic Sign Recognition Benchmark. The results show that the GBA outperforms the GA in terms of the reduction rate, classification accuracy, and computational cost. 相似文献