计算机工程与应用2011,Vol.47Issue(34):117-121,5.DOI:10.3778/j.issn.1002-8331.2011.34.032
扩展D-S证据理论在网络异常检测中的研究
Research on extended D-S theory in network anomaly detection
摘要
Abstract
Network anomaly detection is an important part of the intrusion detection system,however,there are many problems in traditional network anomaly detection methods, such as high false positive rate and the limitation of detecting multiple types of the intrusion actions.A distributed anomaly detection model and the fusion method are proposed based on extended D-S evidence theory.Meanwhile, considering the unreasonableness in the traditional D-S evidence theory when there exist conflictions in the evidences, an extended D-S evidence theory with weights is adopted, and a newly fusion policy is proposed to build an anomaly detection model with multiple classifiers.According to the verification of the KJDD99 data set,experiments show that the proposed model and method can obviously reduce the false positve rate,and simultaneously improve the detection rate.关键词
D-S证据理论/异常检测/数据融合Key words
D-S evidence theory/anomaly detection/data fusion分类
信息技术与安全科学引用本文复制引用
王宏,刘渊..扩展D-S证据理论在网络异常检测中的研究[J].计算机工程与应用,2011,47(34):117-121,5.基金项目
江苏省科技厅科技支撑计划项目(No.BE2009009) (No.BE2009009)
江南大学自主科研计划资助(No.JUSRP30909). (No.JUSRP30909)
