摘要： 程序行为控制系统对程序行为进行建模、检测和响应。单类支持向量机(SVM)在有限样本的情况下用于异常检测，具有较好的分类精度和泛化能力。针对以前利用单类支持向量机进行异常检测的研究中没有考虑属性权重的问题，该文提出利用粗糙集理论(RST)，引入反映属性重要性程度的权重值。给出通过找出决策系统中所有约简的集合确定属性权重的方法，并利用属性权重修正单类SVM的核函数。实验表明基于RST修正核的单类SVM具有更好的检测能力。

关键词: 粗糙集理论, 单类支持向量机, 程序行为控制, 异常检测

Abstract: Program behavior control system includes program behavior model, detection and response. One-class Support Vector Machine (SVM) has good classification accuracy and generalization in the case of limited samples. In former research of anomaly detection using one-class support vector machine, the attribute weights are not considered. This paper presents a method to introduce weights that reflect attribute importance using Rough Set Theory (RST). The kernel function of one-class support vector machine is adjusted by calculating attribute weights though finding all reducts in the decision system. Experimental results show that the one-class support vector machine with adjusted kernel function using rough set theory has more effective detection capability.

Key words: rough set theory, one-class support vector machine, program behavior control, anomaly detection

中图分类号: 

• TP309