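Abstract
Most current intrusion detection systems match known attack behaviour against specific predefined patterns (signatures). The main limitation of the signature-based approach is that it does not recognize new attacks, or even minor variations of known vulnerabilities. Based on machine learning techniques, this paper uses the k-means clustering algorithm and the support vector machine classification algorithm to automatically construct the distribution of normal packet payloads and detect deviations from it. Experiments show that the machine learning algorithm achieves higher detection accuracy than the most widely used open-source Snort system.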
Most current intrusion detection systems are based on a specific predefined pattern (signature) that matches known attack functions. The main limitation of the signature-based approach is that it does not recognize new attacks, or even small changes in known vulnerabilities. In addition, keeping the extensive signature database up to date requires a significant administrative expense. In this paper, based on machine learning techniques, a hybrid method combining the k-means clustering algorithm and the support vector machine classification algorithm automatically constructs the distribution of normal packet payloads and detects deviations from it. Our results show that the proposed hybrid algorithm provides higher detection accuracy than the most used open-source Snort system.
Authors
ZHANG Hai-yan (张海燕)
LI Gen-yuan (李根源)
GU Jian-rui (辜建锐)
LIN Kai-rong (林开荣)
Beijing Institute of Technology, Zhuhai 519088, China
Source
Computer Knowledge and Technology (《电脑知识与技术》)
2020, Issue 10, pp. 215-217 (3 pages)
Funding
2018 Guangdong Province College Students' Innovation and Entrepreneurship Training Program (201813675024).