Abstract
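To prevent the severe damage caused by computer worms, a network worm detection model was built by using computer performance parameters as the raw training data set and mining that data with a support vector machine classifier. The model raises a network alert before a worm infects the network on a large scale, reducing the losses caused by a worm outbreak. Under a simulated common computer network structure, a training data set was formed by sampling the system feature counters of hosts in different working states. After feature extraction, the support vector machine classifier was used to generate the decision rule and make the classification decision, and the model was validated on a simulated local area network. The test results show that the detection model has a high decision accuracy for unknown network worms, which indicates that the detection method based on the support vector machine (SVM) classification algorithm is well suited to classification decisions on small samples and is highly practical.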
In order to prevent the huge damage caused by computer worms, an innovative approach using a support vector machine (SVM) classifier for detecting unknown computer worms, based on the measurement of computer performance, was proposed to alert Internet users. In the experiment, system features were monitored from Windows performance counters with different applications running, and Bayesian network theorem was applied to select the features from which the decision rule is deduced by the SVM. As the results of the testing experiment show, the system can detect the presence of an unknown worm with high accuracy, which indicates that the model, using SVM active learning with less prior knowledge, performs well in detecting unknown computer worms.
Source
《机电工程》
CAS
2008, Issue 8, pp. 21-24 (4 pages)
Journal of Mechanical & Electrical Engineering