摘要
针对检测代理负载过大导致丢包率较高的情况,提出了基于Huffman树SVM(HT-SVM)的协同网络入侵检测。根据网络协议对网络数据进行分流,通过构建多个检测代理(TCP检测代理、UDP检测代理和ICMP检测代理)协同工作,减少检测代理的负载。由于Huffman树SVM结构对决策准确率及决策速度都有较大的影响,结合类间距离、类内样本数及类半径定义分离测度,并根据分离测度利用并行算法构建HT-SVM检测代理。用KDDCUP99数据集进行实验,对比单个检测代理的结果发现,不仅减少了训练时间和决策时间,而且提高了准确率。
There are the problems of high-speed networks,traffic flow and complex topology in current computer networks.Detection agent has high packet loss rate and low detection accuracy because of the excessive load.A cooperative intrusion detection based on HT-SVM was proposed.According to Network protocol,construct multiple detection agents(TCP detection agent,UDP detection agent and ICMP detection agent) to work together to reduce the detection agent load.In addition,the structure of Huffman tree SVM seriously affects the detection speed and detection accuracy.Combining with the distance between classes,the number of class samples and class radius,separation measure was defined.Then the detection agent of HT-SVM with the parallel algorithm was constructed according to the separation measure.Finally,experiment was done with KDDCUP99 dataset,and experimental results show that the method proposed can not only reduce the training time and testing time but also improve the detection accuracy.
出处
《解放军理工大学学报(自然科学版)》
EI
北大核心
2011年第6期611-616,共6页
Journal of PLA University of Science and Technology(Natural Science Edition)
基金
陕西省教育厅专项科研计划资助项目(09JK424)
