
Computer Engineering ›› 2011, Vol. 37 ›› Issue (5): 164-166. doi: 10.3969/j.issn.1000-3428.2011.05.055

• Security Technology •

Network Intrusion Detection Model Based on Rough Set and Evidence Theory

YE Qing 1, CHEN Ya-sha 2, HUANG Gao-feng 1

  (1. College of Electronic Engineering, Naval University of Engineering, Wuhan 430033, China; 2. College of Computer Science and Technology, Beijing University of Technology, Beijing 100124, China)
  • Online: 2011-03-05 Published: 2012-10-31
  • About the authors: YE Qing (born 1978), male, lecturer, Ph.D., main research interests: network security and network survivability; CHEN Ya-sha, Ph.D. candidate; HUANG Gao-feng, lecturer, M.S.

Abstract: Evidence theory relies on expert knowledge to supply evidence and requires the bodies of evidence to be mutually independent, which makes it hard to apply in practice. To address this, the paper proposes a method based on rough set theory for obtaining evidence and objectively determining the Basic Probability Assignment (BPA). The attribute reduction algorithm of rough set theory is used to eliminate redundant attributes and form a minimal attribute set, which improves the efficiency of evidence combination, shortens combination time and reduces conflict between pieces of evidence. On this basis, a network intrusion detection model based on rough set theory and evidence theory is built, and a worked example shows that the model has high detection precision and a low false positive detection rate.

Key words: intrusion detection, rough set, evidence theory, Basic Probability Assignment (BPA)
