优化OCSVM进行网络入侵检测的研究

OCSVM适合无监督情况下的孤立点检测,与入侵检测问题有很大的相似性.文章研究了OCSVM在网络入侵检测中的应用,探讨了模型优化的两个主要方面.提出的二阶段模型参数选取方法,能够比GA算法更快地搜索到近似全局最优参数;采用GA算法提取出22个TCP/IP连接的重要特征,比较了采用特征子集和全部特征的OCSVM的检测精度、训练测试时问.实验表明,给出的OCSVM模型优化方法,能够获得优异检测性能,具有更优的训练和检测效率,意味着可以应用到实时网络入侵检测系统.

Research on Optimizing OCSVM for Network Intrusion Detection

As an unsupervised learning algorithm,OCSVM is suitable for detecting outliers,which is similar with problems of intrusion detection in nature.This paper focuses on the application of it in network intrusion detection, makes detail researches on model optimization of it.A method called"two-phase model selection"is proposed for searching approximately global optimal parameters,which is faster than classical GA methods.Further,22 important features of TCP/IP are extracted through GA algorithm;detection accura...