Abstract
A new anomaly detection method based on feature extraction is proposed. The preprocessed data are first standardized, principal component analysis (PCA) is then applied to extract intrusion features, and finally an improved nearest neighbor method, the center-based nearest neighbor (CNN) classifier, is used to detect intrusions. Using MIT's KDD Cup'99 dataset, PCA+CNN is compared with PCA+NN, PCA+SVM, and standard SVM without feature extraction. The results show that feature extraction can greatly reduce the dimensionality of the input data without degrading classifier performance, and that among these methods the combination of PCA and CNN achieves the best intrusion detection performance.
Source
Computer Engineering and Design (《计算机工程与设计》)
CSCD
PKU Core Journal (北大核心)
2008, Issue 10, pp. 2502-2504 (3 pages)
Keywords
intrusion detection
anomaly detection
principal component analysis
center-based nearest neighbor classifier