| 信息论在异常检测中的应用 |
| |
| 引用本文: | 叶惠敏,潘正运. 信息论在异常检测中的应用[J]. 计算机工程与应用, 2003, 39(9): 185-187 |
| |
| 作者姓名: | 叶惠敏 潘正运 |
| |
| 作者单位: | 解放军信息工程大学电子技术学院,郑州,450004 |
| |
| 摘 要: | 异常检测能有效地检测出新类型的攻击,但是目前大多数入侵检测使用的异常检测技术都缺乏理论指导,通常是经过反复的实验建立检测模型,这样建立的模型只适用于某些环境,不具有通用性。该文提出了一种可以指导异常检测的理论基础———信息论,介绍了应用在异常检测中的几种信息论的方法,包括熵,条件熵,相对(条件)熵,信息量。利用这些方法可以指导异常模型建立过程和解释模型性能。最后该文还通过举例说明了这种理论的可行性和必要性。
|
| 关 键 词: | 信息论 熵 条件熵 相对(条件)熵 信息量 规律性 |
| 文章编号: | 1002-8331-(2003)09-0185-03 |
| 修稿时间: | 2002-04-01 |
The Application of Information-Theoretic Measures to Anomaly Detection |
| |
| Ye Huiming Pan Zhengyun. The Application of Information-Theoretic Measures to Anomaly Detection[J]. Computer Engineering and Applications, 2003, 39(9): 185-187 |
| |
| Authors: | Ye Huiming Pan Zhengyun |
| |
| Abstract: | Anomaly detection is an effective protection mechanisms against novel attacks.But most current anomaly detection techniques build model through expensive trial-and-error practice where there is no theoretical guideline.This paper proposes a theoretic base as the guideline for the anomaly detection and introduces several information-theoretic measures,including entropy,conditional entropy,relative conditional entropy and information gain.These measures can be used to guide the model building process and to explain the performance of the model.The paper also explains the feasibility and necessity of this theory through examples. |
| |
| Keywords: | information theory entropy conditional entropy relative(conditional)entropy information gain regularity. |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
