Abstract
To improve the performance of network intrusion detection, an information-fusion network intrusion detection method based on an improved D-S evidence theory is proposed. First, the method uses the support vector machine (SVM) statistical machine learning method to train on host-based and network-based data separately. Second, because D-S evidence theory cannot resolve conflicts between pieces of evidence, an improved D-S evidence theory is proposed by modifying the combination rule. Finally, the SVM training results are fused using the improved D-S evidence theory, which combines the strengths of the two kinds of detection results and improves the performance of network intrusion detection. Simulation results show that, compared with a single intrusion detection strategy, the method effectively improves the accuracy of network intrusion detection, reduces the false negative rate, and improves the overall performance of network intrusion detection.
Source
《控制工程》
CSCD
PKU Core (Peking University Core Journals)
2017, Issue 11, pp. 2362-2367, 6 pages in total
Control Engineering of China
Keywords
Support vector machine
D-S evidence theory
Intrusion detection
Information fusion