Journal of Software, April 2003, 14(4):798-803
ISSN 1000-9825, CODEN RUXUEW, CN 11-2560/TP
P.O. Box 8718, Beijing 100080, China. E-mail: jos@iscas.ac.cn. http://www.jos.org.cn
Copyright © 2003 by The Editorial Department of Journal of Software
An Intrusion Detection System Based on Support Vector Machine
RAO Xian (饶鲜), DONG Chun-Xi (董春曦), YANG Shao-Quan (杨绍全)
(Institute of Electronic Countermeasures, Department of Electronic Engineering, Xidian University, Xi'an, Shaanxi 710071, China)
First author: RAO Xian (born 1976), female, from Chenggu, Shaanxi; Ph.D. candidate and lecturer; main research areas: network security and information countermeasures.
Corresponding author: RAO Xian, Telephone: 86-29-8202274, E-mail: xianrao@yahoo.com.cn
Received 2001-12-10; Accepted 2002-08-02
Abstract
The generalization ability of current intrusion detection systems (IDS) is poor when little prior knowledge is available. By applying support vector machines (SVM) to intrusion detection, the generalization ability of the IDS remains good even when the sample size is small (little prior knowledge). First, the research progress of intrusion detection is reviewed and the classification algorithm of support vector machines is introduced. Then a model of an intrusion detection system based on support vector machines is presented. An example using system call trace data, a kind of data commonly used in intrusion detection, is given to illustrate the performance of this model. Finally, the detection ability of this method is compared with that of other methods. It is found that the SVM-based IDS needs less prior knowledge than the other methods and has a shorter training time at the same detection performance.
Rao X, Dong CX, Yang SQ. An intrusion detection system based on support vector machine. Journal of Software, 2003,14(4):798~803.
http://www.jos.org.cn/1000-9825/14/798.htm
Abstract (translated from the Chinese)
Current intrusion detection systems suffer from poor generalization ability when prior knowledge is scarce. Applying the support vector machine algorithm in an intrusion detection system lets the system retain good generalization ability under small-sample (little prior knowledge) conditions. This paper first introduces the development of intrusion detection research and the classification algorithm of support vector machines, then proposes an intrusion detection model based on support vector machines, then discusses the working process of the model in detail using system call traces, a common kind of intrusion detection data, as the example, and finally compares the computer simulation results with other detection methods. The experiments and comparison show that the SVM-based intrusion detection system not only requires far less prior knowledge than the other methods, but also has a shorter training time when the detection performance is the same.
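Both abstracts describe classifying system call traces with an SVM that generalizes from a small training sample. The following is an added example, not the paper's code or data: each trace is turned into a vector of bigram counts and a linear SVM is fitted with the Pegasos sub-gradient method; the system call names, the window length N = 2 and every trace below are constructed assumptions, not the paper's data set.

```python
# Added example (not from the paper): linear SVM over system call bigrams.
import random
from collections import Counter

N = 2  # n-gram window length (assumption; the paper's window size is not on this page)

def ngrams(trace, n=N):
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]

def build_vocab(traces):
    """Fixed feature index: every n-gram seen in the training traces."""
    return sorted({g for t in traces for g in ngrams(t)})

def featurize(trace, vocab):
    """Count vector over vocab; n-grams unseen in training contribute nothing."""
    c = Counter(ngrams(trace))
    return [c.get(g, 0) for g in vocab]

def train_svm(X, y, lam=0.01, epochs=500, seed=0):
    """Pegasos: minimise lam/2*||w||^2 + mean hinge loss, labels y in {+1,-1}."""
    rng = random.Random(seed)
    w, b, t = [0.0] * len(X[0]), 0.0, 0
    for _ in range(epochs):
        for i in rng.sample(range(len(X)), len(X)):
            t += 1
            eta = 1.0 / (lam * t)
            margin = y[i] * (sum(a * z for a, z in zip(w, X[i])) + b)
            w = [(1 - eta * lam) * a for a in w]  # regularisation shrinks w
            if margin < 1:  # hinge loss active: step toward this sample
                w = [a + eta * y[i] * z for a, z in zip(w, X[i])]
                b += eta * y[i]  # bias is left unregularised
    return w, b

def predict(model, trace, vocab):
    w, b = model
    score = sum(a * z for a, z in zip(w, featurize(trace, vocab))) + b
    return 1 if score >= 0 else -1

# Constructed toy traces: -1 = normal file handling, +1 = privilege-escalation pattern
NORMAL = [["open", "read", "write", "close"], ["open", "read", "read", "write", "close"],
          ["open", "mmap", "read", "close"], ["open", "read", "write", "write", "close"]]
INTRUSION = [["open", "read", "execve", "setuid"], ["read", "execve", "setuid", "write"],
             ["open", "execve", "setuid", "close"], ["mmap", "execve", "setuid", "read"]]
VOCAB = build_vocab(NORMAL + INTRUSION)
MODEL = train_svm([featurize(t, VOCAB) for t in NORMAL + INTRUSION],
                  [-1] * len(NORMAL) + [1] * len(INTRUSION))

def training_accuracy():
    hits = sum(predict(MODEL, t, VOCAB) == -1 for t in NORMAL)
    hits += sum(predict(MODEL, t, VOCAB) == 1 for t in INTRUSION)
    return hits / (len(NORMAL) + len(INTRUSION))
```

Eight training traces are enough here because the separating bigrams never occur in normal traces; a bigram absent from the training vocabulary is dropped by featurize, so novel behaviour is only caught through the bigrams it shares with known traces.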
Funding: Supported by the Military Communication Pre-Research Project of the 'Tenth Five-Year Plan' of China under Grant No. 4100104030.
[6] Warrender C, Forresr S, Pearlmutter B. Detecting intrusions using system calls: Alternative data models. In: Gong L, Reiter MK, eds. Proceedings of the 1999 IEEE Symposium on Security and Privacy. Oakland, CA: IEEE Computer Society Press, 1999. 133~145.