计算机工程与应用
計算機工程與應用
계산궤공정여응용
COMPUTER ENGINEERING AND APPLICATIONS
2010年
3期
20-22,66
,共4页
有监督学习%维数约简%流形学习%Isomap%可视化%分类%入侵检测
有鑑督學習%維數約簡%流形學習%Isomap%可視化%分類%入侵檢測
유감독학습%유수약간%류형학습%Isomap%가시화%분류%입침검측
supervised learning%dimension reduction%manifold learning%Isomap%visualization%classification%intrusion detection
入侵检测是计算机安全研究方面的热点领域,在入侵检测数据可视化和分类方面面临的问题是其高维特性.流形学习算法Isomap是有效的非线性降维工具.但是Isomap算法在实际应用中存在不能保证构造连通的邻接图和没有利用样本已知类别标记的缺点,针对上述缺陷提出了健壮的有监督S-kv-Isonmp算法.该算法利用类别标记来指导降维,并且利用k-variable算法构造联通的邻接图.实验选用KDDCUP1999数据集,对四类入侵数据即Dos、R2L、Probe、U2R进行了可视化和分类研究.可视化中比较了S-kv-Isomap算法与kv-Isomap算法,前者具有更好的可视化效果.在分类研究中比较了S-kv-Isomap、kv-Isomap、SVM和k-NN算法,实验结果表明,S-kv-Isomap方法在入侵检测中不仅保持较高的入侵检测率,而且误警率很低.
入侵檢測是計算機安全研究方麵的熱點領域,在入侵檢測數據可視化和分類方麵麵臨的問題是其高維特性.流形學習算法Isomap是有效的非線性降維工具.但是Isomap算法在實際應用中存在不能保證構造連通的鄰接圖和沒有利用樣本已知類彆標記的缺點,針對上述缺陷提齣瞭健壯的有鑑督S-kv-Isonmp算法.該算法利用類彆標記來指導降維,併且利用k-variable算法構造聯通的鄰接圖.實驗選用KDDCUP1999數據集,對四類入侵數據即Dos、R2L、Probe、U2R進行瞭可視化和分類研究.可視化中比較瞭S-kv-Isomap算法與kv-Isomap算法,前者具有更好的可視化效果.在分類研究中比較瞭S-kv-Isomap、kv-Isomap、SVM和k-NN算法,實驗結果錶明,S-kv-Isomap方法在入侵檢測中不僅保持較高的入侵檢測率,而且誤警率很低.
입침검측시계산궤안전연구방면적열점영역,재입침검측수거가시화화분류방면면림적문제시기고유특성.류형학습산법Isomap시유효적비선성강유공구.단시Isomap산법재실제응용중존재불능보증구조련통적린접도화몰유이용양본이지유별표기적결점,침대상술결함제출료건장적유감독S-kv-Isonmp산법.해산법이용유별표기래지도강유,병차이용k-variable산법구조련통적린접도.실험선용KDDCUP1999수거집,대사류입침수거즉Dos、R2L、Probe、U2R진행료가시화화분류연구.가시화중비교료S-kv-Isomap산법여kv-Isomap산법,전자구유경호적가시화효과.재분류연구중비교료S-kv-Isomap、kv-Isomap、SVM화k-NN산법,실험결과표명,S-kv-Isomap방법재입침검측중불부보지교고적입침검측솔,이차오경솔흔저.
Intrusion detection is still a hot area in computer security.When performing visualization and classification,the problem should be confronted is the high dimensionality.As one of the manifold learning algorithms Isomap is an effective nonlinear di-mension reduction tool.However,when Isomap is applied to the real-world data,it shows some limitations,such as failing to guar-antee coanectedness of the constructed neighborhood graphs and not using the class labels of the data.An improved version of I-somap,namely S-kv-Isomap,is proposed.S-kv-Isomap utilizes class information to guide the dimension reduction procedure and k-variable method to build connected neighborhood graphs so as to enhance the robustness.The new scheme is evaluated with KDD CUP 1999 datasets in visualization and classification on four kinds of intrusion types: Dos,R2L,Probe,and U2R.Experiment results show that S-kv-Isomap performs best compared with kv-Isomap in visualization.In the classification test,S-kv-Isomap is compared with kv-Isomap,SVM,and k-NN.The results show that S-kv-Isomap performs higher detection rate and very low false positive rate.