
Computer Engineering ›› 2011, Vol. 37 ›› Issue (16): 135-137. doi: 10.3969/j.issn.1000-3428.2011.16.045

• Security Technology •

Cooperative Intrusion Detection Algorithm Based on Sparse Representation

CUI Bao-liang 1, TENG Shao-hua 1, CUI Zhen 2,3

  (1. Faculty of Computer, Guangdong University of Technology, Guangzhou 510006, China; 2. College of Computer Science & Technology, Huaqiao University, Xiamen 361021, China; 3. Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190, China)
  • Received: 2011-02-24 Online: 2011-08-20 Published: 2011-08-20
  • About the authors: CUI Bao-liang (born 1986), male, master's student, main research interests: data mining and network intrusion detection; TENG Shao-hua, professor, Ph.D.; CUI Zhen, Ph.D. candidate
  • Supported by:
    Natural Science Foundation of Guangdong Province (06021484, 915100900100 0007); Guangdong Province Science and Technology Plan Project (2008A060201011)

Abstract: To address the high false alarm rate and poor robustness of existing intrusion detection algorithms, this paper proposes a cooperative intrusion detection algorithm based on sparse representation. The algorithm builds training dictionaries for the normal class and the attack class to capture the intrinsic characteristics of each class, then uses subspace structure theory to compute the reconstruction error, which determines the class of a test sample. Experimental results show that the algorithm maintains a high detection rate and a low false alarm rate, is robust on imbalanced datasets, and discriminates well between normal and abnormal behavior.

Key words: sparse representation, subspace, reconstruction error, intrusion detection algorithm
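
The decision rule the abstract describes (one dictionary per class, then the class with the smaller reconstruction error), as an added illustration that is not the paper's code. Assumptions: each dictionary is simply its normalized training samples, sparse coding uses greedy matching pursuit, and the feature names and records are constructed.

```python
import math

def normalize(v):
    """Scale a feature vector to unit L2 norm (zero vectors stay zero)."""
    n = math.sqrt(sum(x * x for x in v))
    return [x / n for x in v] if n else list(v)

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def reconstruction_error(sample, atoms, sparsity=2):
    """Matching pursuit: explain `sample` with at most `sparsity`
    unit-norm atoms and return the L2 norm of what is left over."""
    residual = list(sample)
    for _ in range(sparsity):
        # Atom most correlated with the still-unexplained part.
        atom = max(atoms, key=lambda d: abs(dot(residual, d)))
        coef = dot(residual, atom)
        residual = [r - coef * a for r, a in zip(residual, atom)]
    return math.sqrt(dot(residual, residual))

def classify(sample, dictionaries, sparsity=2):
    """Return (label, errors): the class whose dictionary reconstructs
    the sample with the smallest error, plus every class's error."""
    x = normalize(sample)
    errors = {label: reconstruction_error(x, atoms, sparsity)
              for label, atoms in dictionaries.items()}
    return min(errors, key=errors.get), errors

# Constructed training records (not from the paper). Assumed features:
# [duration, src_bytes, dst_bytes, failed_logins, conn_rate], scaled 0..1.
TRAIN = {
    "normal": [[0.2, 0.6, 0.7, 0.0, 0.1],
               [0.3, 0.5, 0.8, 0.0, 0.2],
               [0.1, 0.7, 0.6, 0.0, 0.1]],
    "attack": [[0.0, 0.1, 0.0, 0.9, 0.8],
               [0.1, 0.0, 0.1, 0.7, 0.9],
               [0.0, 0.1, 0.0, 0.8, 0.6]],
}
# Each class dictionary is its normalized training samples (an assumption;
# the abstract does not say how the dictionaries are trained).
DICTS = {label: [normalize(v) for v in rows] for label, rows in TRAIN.items()}

if __name__ == "__main__":
    for probe in ([0.2, 0.6, 0.6, 0.0, 0.2], [0.0, 0.0, 0.1, 0.8, 0.9]):
        label, errors = classify(probe, DICTS)
        print(probe, "->", label, {k: round(e, 3) for k, e in errors.items()})
```

The gap between the two per-class errors is the useful signal for triage: a sample that neither dictionary reconstructs well matches neither trained class and deserves separate handling.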
