An Approach to Filter False Positive Alerts Based on RS-SVM Theory

Xiao Yun, Han Chong-zhao, Zheng Qing-hua, Zhao Ting

Citation: Xiao Yun, Han Chong-zhao, Zheng Qing-hua, Zhao Ting. An Approach to Filter False Positive Alerts Based on RS-SVM Theory[J]. Journal of Electronics & Information Technology, 2007, 29(12): 3011-3014. doi: 10.3724/SP.J.1146.2006.00712

doi: 10.3724/SP.J.1146.2006.00712
Funding: supported by the National 863 Program (2004AA1Z2280) and the National 973 Program (2001CB309403).

Abstract: To filter false positive alerts from the alert data produced by intrusion detection systems, 19 attributes that distinguish true alerts from false alerts are derived from the root cause and temporal characteristics of alerts, and a method for filtering false alerts based on rough set and support vector machine (RS-SVM) theory is proposed. The method first applies rough set theory to remove redundant attributes from the 19, then recasts false-alert filtering on the alert data set described by the 10 remaining attributes as a classification problem, and constructs a support vector machine classifier to filter the false alerts. The experiments use alerts generated by the network intrusion detector Snort while monitoring the DARPA 1999 intrusion detection evaluation data (DARPA99). The results show that the proposed method filters out about 98% of false alerts at the cost of an increase of about 1.6% in missed alerts, which is better than the results of other methods in the literature that use the same data and the same intrusion detection system.
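The two-stage pipeline the abstract describes, worked through as an added example that is not code from the paper or its authors. A constructed toy alert table (hypothetical attribute names and labels, not the DARPA99/Snort data) first goes through rough-set attribute reduction, implemented here as greedy forward selection on the dependency degree gamma_B(D) followed by a backward pruning pass (an assumption: the paper does not state which reduct algorithm it uses). A linear SVM is then trained on the one-hot encoding of the retained attributes by batch subgradient descent on the hinge-loss primal (the regulariser lam is set to 0 because the toy table is consistent and separable, so the loop terminates once no alert violates the margin). Finally the two quantities the abstract reports, the share of false alerts filtered and the share of true alerts missed, are computed on a held-out set that deliberately contains one true alert the learned rule cannot see and one false alert it cannot filter.

```python
from collections import defaultdict

# Constructed toy alert table (NOT the paper's DARPA99/Snort data): each row is one
# IDS alert described by symbolic attributes plus the analyst decision "true_alert".
# Hypothetical attribute names; the label follows a hidden rule (exploit signature
# against an open port), so only two of the five attributes carry information.
ATTRS = ["sig", "dst_port_open", "src_internal", "hour", "proto"]
DECISION = "true_alert"

def row(sig, dst_open, src_int, hour, proto, label):
    return dict(zip(ATTRS + [DECISION], (sig, dst_open, src_int, hour, proto, label)))

TRAIN = [
    row("exploit", 1, 0, "night", "tcp", 1), row("exploit", 1, 0, "day", "tcp", 1),
    row("exploit", 0, 0, "night", "tcp", 0), row("exploit", 0, 1, "day", "udp", 0),
    row("scan", 1, 0, "night", "tcp", 0),    row("scan", 1, 1, "day", "tcp", 0),
    row("scan", 0, 0, "day", "udp", 0),      row("exploit", 1, 1, "night", "udp", 1),
    row("scan", 0, 1, "night", "tcp", 0),    row("exploit", 0, 1, "night", "tcp", 0),
]
# Held-out alerts (constructed): the third row is a true alert the learned rule misses
# and the last row a false alert it keeps, so both costs in the abstract show up.
TEST = [
    row("exploit", 1, 1, "day", "udp", 1),   row("scan", 1, 0, "day", "udp", 0),
    row("exploit", 0, 0, "day", "tcp", 1),   row("scan", 0, 1, "night", "udp", 0),
    row("exploit", 1, 0, "night", "udp", 1), row("scan", 1, 1, "night", "tcp", 0),
    row("exploit", 0, 1, "day", "udp", 0),   row("exploit", 1, 1, "day", "tcp", 0),
]

# --- stage 1: rough-set attribute reduction ---------------------------------
def dependency_degree(table, attrs, decision):
    """gamma_B(D) = |POS_B(D)| / |U|: share of alerts whose B-indiscernibility class
    carries a single decision value (purely symbolic, no distance metric needed)."""
    classes = defaultdict(list)
    for r in table:
        classes[tuple(r[a] for a in attrs)].append(r[decision])
    pos = sum(len(ds) for ds in classes.values() if len(set(ds)) == 1)
    return pos / len(table)

def greedy_reduct(table, attrs, decision):
    """Forward selection on gamma until the full-table dependency is reached, then a
    backward pass dropping any attribute whose removal leaves gamma unchanged."""
    target = dependency_degree(table, attrs, decision)
    reduct = []
    while dependency_degree(table, reduct, decision) < target:
        reduct.append(max((a for a in attrs if a not in reduct),
                          key=lambda a: dependency_degree(table, reduct + [a], decision)))
    for a in list(reduct):
        rest = [x for x in reduct if x != a]
        if dependency_degree(table, rest, decision) == target:
            reduct = rest
    return reduct

# --- stage 2: linear SVM on the reduced attributes --------------------------
def build_encoder(table, attrs):
    """One-hot encode each reduct attribute over the values seen in training."""
    columns = [(a, v) for a in attrs for v in sorted({r[a] for r in table}, key=str)]
    return lambda r: [1.0 if r[a] == v else 0.0 for a, v in columns]

def train_linear_svm(xs, ys, lam=0.0, lr=1.0, epochs=2000):
    """Batch subgradient descent on the primal SVM objective
    lam/2*||w||^2 + mean(max(0, 1 - y*(w.x + b))), y in {-1,+1}.
    With lam=0 (separable toy table) it stops once no alert violates the margin."""
    n, d = len(xs), len(xs[0])
    w, b = [0.0] * d, 0.0
    for _ in range(epochs):
        grad_w, grad_b, violators = [lam * wi for wi in w], 0.0, 0
        for x, y in zip(xs, ys):
            if y * (sum(wi * xi for wi, xi in zip(w, x)) + b) < 1.0:
                violators += 1
                grad_w = [g - y * xi / n for g, xi in zip(grad_w, x)]
                grad_b -= y / n
        if violators == 0 and lam == 0.0:
            break
        w = [wi - lr * g for wi, g in zip(w, grad_w)]
        b -= lr * grad_b
    return w, b

def predict(model, x):
    w, b = model
    return 1 if sum(wi * xi for wi, xi in zip(w, x)) + b > 0 else 0

def evaluate(model, encode, table, decision):
    """Returns (fraction of false alerts filtered, fraction of true alerts missed),
    the two quantities the abstract reports (about 98% and 1.6% on DARPA99)."""
    false_alerts = [r for r in table if r[decision] == 0]
    true_alerts = [r for r in table if r[decision] == 1]
    filtered = sum(predict(model, encode(r)) == 0 for r in false_alerts)
    missed = sum(predict(model, encode(r)) == 0 for r in true_alerts)
    return filtered / len(false_alerts), missed / len(true_alerts)

def run_pipeline(train=TRAIN, test=TEST):
    reduct = greedy_reduct(train, ATTRS, DECISION)
    encode = build_encoder(train, reduct)
    model = train_linear_svm([encode(r) for r in train],
                             [1 if r[DECISION] else -1 for r in train])
    return reduct, evaluate(model, encode, train, DECISION), evaluate(model, encode, test, DECISION)

if __name__ == "__main__":
    reduct, train_scores, test_scores = run_pipeline()
    print("reduct:", reduct)
    print("train (filtered, missed):", train_scores)
    print("test  (filtered, missed):", test_scores)
```

On this table the reduction keeps only `sig` and `dst_port_open`, mirroring the paper's 19-to-10 step: the SVM then trains on a four-dimensional one-hot space instead of one column per raw attribute value, and the retained attributes tell an analyst which alert properties the filter actually relies on. The held-out scores show why both numbers in the abstract matter together: a filter is judged by the false alerts it removes only in combination with the true alerts it drops.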
Publication history
  • Received: 2006-05-25
  • Revised: 2006-10-24
  • Published: 2007-12-19
