计算机科学与探索 ›› 2017, Vol. 11 ›› Issue (11): 1775-1782.DOI: 10.3778/j.issn.1673-9418.1609048

• 网络与信息安全 • 上一篇    下一篇

结合动态代价和协同标注的网络异常检测

张  燕,杜红乐+   

  1. 商洛学院 数学与计算机应用学院,陕西 商洛 726000
  • 出版日期:2017-11-01 发布日期:2017-11-10

Network Anomaly Detection Based on Dynamic Cost and Cooperative Labeling

ZHANG Yan, DU Hongle+   

  1. School of Mathematics and Computer Applications, Shangluo University, Shangluo, Shaanxi 726000, China
  • Online:2017-11-01 Published:2017-11-10

摘要: 针对网络行为数据中中类样本不均衡、样本标注代价大的问题,结合委员会投票和动态代价思想提出一种针对不均衡数据集的分类算法DC-TSVM(dynamic cost and cooperative labeling transductive support vector machine)。该方法在构建每个子分类器时利用类密度之间的关系动态计算各个类的错分代价,减少分类超平面的偏移,然后利用投票熵选择标注准确性较高的样本进行投票标注,减少错误的累积和传递,提高标注准确率,增强最后分类器的泛化性能。KDDCUP99数据集上的实验结果表明该方法对未知攻击有较高的检测准确率。

关键词: 支持向量机, 网络异常检测, 投票委员会, 协同标注

Abstract: This paper focuses on the imbalanced data classification and the labeling cost, proposes a classification method DC-TSVM (dynamic cost and cooperative labeling transductive support vector machine) based on voting committee algorithm and dynamic cost. This method constructs each sub-classifier according to the misclassification cost of each sub-class that is calculated based on the relationship of density. It can reduce the offset of the classified hyperplane. Then this method labels the sample according to the voting entropy. It can reduce the accumulation and transmission of errors, improve the accuracy of labeling and get the high?generalization?performance. Finally, the experimental results with KDDCUP99 dataset show that this method has higher detection accuracy for unknown attacks.

Key words: support vector machine, network anomaly detection, voting committee, cooperative labeling