Combined type intrusion detecting method on basis of data fusion of improved core vector machine

Abstract

The invention discloses a combined type intrusion detecting method on the basis of data fusion of an improved core vector machine, which belongs to the technical field of network safety. The method comprises the following steps: extracting characteristic data of all time monitoring points required by misuse intrusion detection and abnormal intrusion detection from a network safety equipment log of a target network; respectively constructing the characteristic data into black and white list data sample subsets; training the black and white list data sample subsets, thereby respectively obtaining a primary misuse intrusion detection model and a primary abnormal intrusion detection model; realizing the data fusion of the primary misuse intrusion detection model and the primary abnormal intrusion detection model through a D-S evidence theory, thereby obtaining a combined intrusion detection model and a combined confidence interval of the combined intrusion detection model; and obtaining a final detecting result. The method provided by the invention has excellent properties at the aspects of increasing the instantaneity of an intrusion detecting system, reducing the missing report rate and false report rate of the intrusion detecting system and increasing the generalization of the intrusion detecting system.

Description

technical field [0001] The invention belongs to the technical field of network information security, and in particular relates to a composite intrusion detection method based on data fusion of an improved core vector machine. Background technique [0002] As network intrusions and attacks are developing toward distribution, scale, complexity, and indirection, higher requirements are placed on security product technology, and an efficient network security alarm technology is urgently needed to improve the security of security products. performance. [0003] Intrusion detection is the detection of intrusion behavior. The intrusion detection system collects information of all key nodes in the network and computer system to check whether there are violations of security policies and signs of being attacked in the network or system. The data source of intrusion detection is the logs of various network security devices (such as firewalls, IDS, IPS, etc.), and these devices will r...

AI Technical Summary

Problems solved by technology

[0007] For the current intrusion detection technology based on a single classifier mentioned in the above background technology, the intrusion detection implementation schemes that only rely on misuse technology or abnormal technology generally have low intrusion detection accuracy, poor real-time type, false negative rate and false positive High rate, poor generalization ability and other defects, the present invention proposes a composite intrusion detection method based on improved core vector machine data fusion

Images