危险因素辨识及其演化方法研究
|
摘要
随着计算机网络的飞速发展和人类对网络的依赖程度的增加,病毒和网络攻击等网络危险因素也日益泛滥,网络安全问题逐渐受到人类的重视,成为当前网络发展的重要课题。
支持向量机理论是由Vapnik等人于1995年提出的,它是基于统计学习理论的机器学习算法,通过结构风险最小化原则来最小化实际风险,在处理高维小样本数据时,具有泛化能力强等突出优点,在模式识别特别是入侵检测等领域都得到了广泛的应用。本文首先分析了基于支持向量机的检测模型的基本情况,针对此模型的时间复杂度过高的缺点,引入常用的特征抽取技术核主成分分析技术,提出基于KPCA的SVM检测模型,通过KPCA对原始空间中的数据进行特征提取,选取部分主要成分,除去特征中的冗余信息,降低了特征维数,在检测效率的少量下降的代价下,明显提高了时间效率。
鉴于核函数对支持向量机的重要性以及当前核函数的发展,在支持向量机中采用组合核函数的思想,将多项式核函数和径向基核函数组合形成组合核函数,提出了基于KPCA的组合核函数SVM检测模型,以期待能够获取更好的检测性能,并使用KDDCUP99数据集进行试验验证,表明该模型与基于KPCA的SVM检测模型相比,检测效率稍好,但时间效率有些许下降,总体来说两者性能基本相当,但本模型明显具有更好的泛化能力和稳定性。
With the rapid development of computer network and the increases of human dependence on the network,dangerous factors in network such as viruses and network attacks,are becoming inundating,network security issue earn recognition of human gradually,and become an important subject of network development.
The support vector machine theory was brought by Vapnik and others in 1995,and it is based on statistical learning theory of machine learning algorithms,through the structural risk minimization principle to minimize the actual risk,when dealing with small samples of high-dimensional data,it has a strong advantage of generalization ability,in pattern recognition,especially in areas such as intrusion detection it has been widely used.In this paper,it shows the basic conditions of detection model based on support vector machine,for the time complexity is too high of this model,the commonly used feature extraction technique of kernels principal component analysis is brought in,and build a KPCA and SVM based detection model,KPCA is used for feature extraction of the data in original spatial,select some of the major components, delete the redundant information to reduce the dimension of the features,with a small amount decline of detection efficiency,the time efficiency markedly improved.
As the importance of kernel function for support vector machine,and the development of kernel function,uses combined kernel function in support vector machine,combines polynomial kernel function and radial basis kernel function and forms combined kernel function,brings a KPCA and combined kernel function SVM based detection model to look forward to obtain a better detection performance,and use KDDCUP99 data sets to test,indicating that the model has a better detection efficiency, but the time efficiency decreases slightly,in the mass,the two model is almost equal, but this model has a better generalization ability and stability.
支持向量机理论是由Vapnik等人于1995年提出的,它是基于统计学习理论的机器学习算法,通过结构风险最小化原则来最小化实际风险,在处理高维小样本数据时,具有泛化能力强等突出优点,在模式识别特别是入侵检测等领域都得到了广泛的应用。本文首先分析了基于支持向量机的检测模型的基本情况,针对此模型的时间复杂度过高的缺点,引入常用的特征抽取技术核主成分分析技术,提出基于KPCA的SVM检测模型,通过KPCA对原始空间中的数据进行特征提取,选取部分主要成分,除去特征中的冗余信息,降低了特征维数,在检测效率的少量下降的代价下,明显提高了时间效率。
鉴于核函数对支持向量机的重要性以及当前核函数的发展,在支持向量机中采用组合核函数的思想,将多项式核函数和径向基核函数组合形成组合核函数,提出了基于KPCA的组合核函数SVM检测模型,以期待能够获取更好的检测性能,并使用KDDCUP99数据集进行试验验证,表明该模型与基于KPCA的SVM检测模型相比,检测效率稍好,但时间效率有些许下降,总体来说两者性能基本相当,但本模型明显具有更好的泛化能力和稳定性。
With the rapid development of computer network and the increases of human dependence on the network,dangerous factors in network such as viruses and network attacks,are becoming inundating,network security issue earn recognition of human gradually,and become an important subject of network development.
The support vector machine theory was brought by Vapnik and others in 1995,and it is based on statistical learning theory of machine learning algorithms,through the structural risk minimization principle to minimize the actual risk,when dealing with small samples of high-dimensional data,it has a strong advantage of generalization ability,in pattern recognition,especially in areas such as intrusion detection it has been widely used.In this paper,it shows the basic conditions of detection model based on support vector machine,for the time complexity is too high of this model,the commonly used feature extraction technique of kernels principal component analysis is brought in,and build a KPCA and SVM based detection model,KPCA is used for feature extraction of the data in original spatial,select some of the major components, delete the redundant information to reduce the dimension of the features,with a small amount decline of detection efficiency,the time efficiency markedly improved.
As the importance of kernel function for support vector machine,and the development of kernel function,uses combined kernel function in support vector machine,combines polynomial kernel function and radial basis kernel function and forms combined kernel function,brings a KPCA and combined kernel function SVM based detection model to look forward to obtain a better detection performance,and use KDDCUP99 data sets to test,indicating that the model has a better detection efficiency, but the time efficiency decreases slightly,in the mass,the two model is almost equal, but this model has a better generalization ability and stability.
引文
[1]王绍斌,王昭德.信息系统攻击与防御[M].北京,电子工业出版社,2007,10.
[2]Bruce Schneier.吴世忠,祝世雄,张文政等译.应用密码学[M].北京,机械工业出版社,2006.10.
[3]谢冬青,冷健,熊伟.计算机网络安全技术教程[M].北京,机械工业出版社,2006.10.
[4]D.Denning,An intrusion detection model,IEEE Trans.On Software Engineering,Vol.13,No.2,PP.222-232,1987.
[5]边肇棋,张学工.模式识别[M],第二版,清华大学出版社.2001:234-304.
[6]Martin Botha,Rossouw von Solms,Utilising fuzzy logic and trend analysis for effective intrusion detection,Computers&Security.2003,22(5):423-434.
[7]D.S.Bauer,F.R.Eichelman,R.M.Herrera,A.E,Irgon.Intrusion detection:an application of expert systems to computer security.Security Technology,1989.Proceedings.1989 International Carnahan Conference on,PP.97-103,Oct.3-5,1989.
[8]W.Lee.A data mining frame work for constructing features and models for intrusion detection systems.PhD Thesis,Columbia Unicersity,1999.
[9]Ghost AK,Michael C,Schatz M,A real-time instruction detection system based on learning program behavior.In:Debar H,Wu SF,eds.Recent Advances in Intrusion Detection.Toulouse:Springer-Verlag,2002.93-109.
[10]Porras P A,Neumann PG.EMERALD:Event Mointoring Enabling Responses to Anomalous Live Disturbances.Proc.of the 20~(th) National Information System Security Conference.Baltimore.Maryland.1997,353-365
[11]Mark Crosbie,Bryn Dole,Todd Ellis,Ivan Krsul,Eugene Spafford.IDIOT-Users Guide.Technical Report TR-96-050.September 4,1996.
[12]Gao Fei,Sun Jizhou,Wei Zunce.The prediction role of hidden Markov model inintursion detection Electrical and Computer Engineering,2003.IEEE CCECE 2003.Canadian Conference on,Vol.2,PP.893 - 896,2003.
[13]绕鲜,董春曦.基于支撑向量机的入侵检测系统[J].软件学报,2003,vol.14,NO.4
[14]张学工.统计学习理论的本质[M],第二版,清华大学出版社.2000:25-42
[15]VAPNIK VN.The Nature of Statistical Learning Theory[M].New York:Springer Verlag,1995。
[16]韩力群.人工神经网络教程[M].北京邮电大学出版社,2006.
[17]吕彦波.基于支持向量机的入侵检测系统研究[D],2007.3
[18]高隽.人工神经网络原理及仿真实验[M].机械工业出版社,2003.8.
[19]王晓瑜.基于支持向量机的入侵检测技术[D],2005.10.
[20]李志梅.基于KPCA_SVM模型的企业员工绩效评价研究[D],2008.5
[21]S.Mukkamala,G.I.Janosk,i A.H.Sung,Intrusion detection using support vector machines,Proceedings of the High Performance Computing Symposium-HPC 2002,pp.178-183,San Diego,April2002.
[22]JolliHe I J.Principal Component Analysis[M].New York:Springer,1986.
[23]B.Scholkop,f A.Smola,K.R.Muller,Nonlinear component analysis as a kernel eager value problem,Neural Computation,1998,10(5),1299-1319.
[24]丛瑜.基于核方法的高分辨雷达目标特征提取与识别[D],2006.11
[25]王辉,基于核主成分分析特征提取及支持向量机的人脸识别应用研究[D],2006.5
[26]B.Ribeiro.Kernelized Based Functions with Minkovsky.s Norm for SVM Regression[C].In:Proceedings of the 2002 International Joint Conference on Neural Networks.IEEE,2002,3(2):2198-2203.
[27]邓乃扬,田英杰.数据挖掘中的新方法:支持向量机[M].北京,科学出版社,2004,105-108
[28]Smola A J,Scholkopf B.A tutorial on support vector regression.Neuro COLT Technical Report NC-TR-98-030,Royal Holloway College,University of London,UK,1998.
[29]Scholkopf B.The kernel trick for distances.Technical report M SR-TR-2000-51,Microsoft research,2000.
[30]Nello Cristianini N,Shawe-Taylor J.An introduction to support vector machines and other kernel based learning methods[M].李国止,王猛,曾华军译.支持向量机导论,电子工业出版社,2006,28-34.
[31]陈金凤,支持向量机回归算法的研究与应用[D],2008.5.
[32]Shang Y.Ruml W.Zhang Y.et al.Localization from mere connectivition[C]Proceedings of Fouth International ACM Symposium on Mobile Ad Hoc Networking and Computing,2003:201-212.
[33]Ji X,Zha H.Sensor positioning in wireless ad hoc networks using multidimensional scaling,2004:387-396.
[34]Smits G F,Jordaan E M.,Improved SVM Regression using Mixture of Kernels.Proceedings of the 2002 International Joint Conference on Neural Networks.Hawaii:IEEE,2785-2790,2002.
[35]Blake C L,Merz C J.UCI repository of machine learning databases [EB/O1]http://kdd.icu.uci.edu/database/kddcup99/kddcup99.html
[36]DARPA Intrusion Detection Evaluation.Lexington,MA:Lincoln Laboratory,Massachusetts Institute of technology.
[37]http://www.11.mit.edu/TST/ideval/data/data index.html
[38]蒋建春,冯登国.网络入侵检测原理与技术[M],国防工业出版社,北京:2001.7.
[39]程学云.支持向量机及其在入侵检测中的应用研究[D].2007.3.
[40]初金涛.基于支持向量机的网络入侵检测研究[D].2007.5.
[41]孙宗宝.基于软间隔支持向量机和核主成分分析的入侵检测研究[D],2007.3.
[42]李盼池,许少华.支持向量机在模式识别中的核函数特性分析.计算机工程与设计[J].2005,26(2):302-307
[43]Kulkarni A,Jayaraman V K.Support vector classification with parameter turning assisted by agent-based technique Computers and Chemical Engineering.2004,28(3):311-318
[44]何保全.基于小波变换和核方法的人脸识别[D].2006.5.
[2]Bruce Schneier.吴世忠,祝世雄,张文政等译.应用密码学[M].北京,机械工业出版社,2006.10.
[3]谢冬青,冷健,熊伟.计算机网络安全技术教程[M].北京,机械工业出版社,2006.10.
[4]D.Denning,An intrusion detection model,IEEE Trans.On Software Engineering,Vol.13,No.2,PP.222-232,1987.
[5]边肇棋,张学工.模式识别[M],第二版,清华大学出版社.2001:234-304.
[6]Martin Botha,Rossouw von Solms,Utilising fuzzy logic and trend analysis for effective intrusion detection,Computers&Security.2003,22(5):423-434.
[7]D.S.Bauer,F.R.Eichelman,R.M.Herrera,A.E,Irgon.Intrusion detection:an application of expert systems to computer security.Security Technology,1989.Proceedings.1989 International Carnahan Conference on,PP.97-103,Oct.3-5,1989.
[8]W.Lee.A data mining frame work for constructing features and models for intrusion detection systems.PhD Thesis,Columbia Unicersity,1999.
[9]Ghost AK,Michael C,Schatz M,A real-time instruction detection system based on learning program behavior.In:Debar H,Wu SF,eds.Recent Advances in Intrusion Detection.Toulouse:Springer-Verlag,2002.93-109.
[10]Porras P A,Neumann PG.EMERALD:Event Mointoring Enabling Responses to Anomalous Live Disturbances.Proc.of the 20~(th) National Information System Security Conference.Baltimore.Maryland.1997,353-365
[11]Mark Crosbie,Bryn Dole,Todd Ellis,Ivan Krsul,Eugene Spafford.IDIOT-Users Guide.Technical Report TR-96-050.September 4,1996.
[12]Gao Fei,Sun Jizhou,Wei Zunce.The prediction role of hidden Markov model inintursion detection Electrical and Computer Engineering,2003.IEEE CCECE 2003.Canadian Conference on,Vol.2,PP.893 - 896,2003.
[13]绕鲜,董春曦.基于支撑向量机的入侵检测系统[J].软件学报,2003,vol.14,NO.4
[14]张学工.统计学习理论的本质[M],第二版,清华大学出版社.2000:25-42
[15]VAPNIK VN.The Nature of Statistical Learning Theory[M].New York:Springer Verlag,1995。
[16]韩力群.人工神经网络教程[M].北京邮电大学出版社,2006.
[17]吕彦波.基于支持向量机的入侵检测系统研究[D],2007.3
[18]高隽.人工神经网络原理及仿真实验[M].机械工业出版社,2003.8.
[19]王晓瑜.基于支持向量机的入侵检测技术[D],2005.10.
[20]李志梅.基于KPCA_SVM模型的企业员工绩效评价研究[D],2008.5
[21]S.Mukkamala,G.I.Janosk,i A.H.Sung,Intrusion detection using support vector machines,Proceedings of the High Performance Computing Symposium-HPC 2002,pp.178-183,San Diego,April2002.
[22]JolliHe I J.Principal Component Analysis[M].New York:Springer,1986.
[23]B.Scholkop,f A.Smola,K.R.Muller,Nonlinear component analysis as a kernel eager value problem,Neural Computation,1998,10(5),1299-1319.
[24]丛瑜.基于核方法的高分辨雷达目标特征提取与识别[D],2006.11
[25]王辉,基于核主成分分析特征提取及支持向量机的人脸识别应用研究[D],2006.5
[26]B.Ribeiro.Kernelized Based Functions with Minkovsky.s Norm for SVM Regression[C].In:Proceedings of the 2002 International Joint Conference on Neural Networks.IEEE,2002,3(2):2198-2203.
[27]邓乃扬,田英杰.数据挖掘中的新方法:支持向量机[M].北京,科学出版社,2004,105-108
[28]Smola A J,Scholkopf B.A tutorial on support vector regression.Neuro COLT Technical Report NC-TR-98-030,Royal Holloway College,University of London,UK,1998.
[29]Scholkopf B.The kernel trick for distances.Technical report M SR-TR-2000-51,Microsoft research,2000.
[30]Nello Cristianini N,Shawe-Taylor J.An introduction to support vector machines and other kernel based learning methods[M].李国止,王猛,曾华军译.支持向量机导论,电子工业出版社,2006,28-34.
[31]陈金凤,支持向量机回归算法的研究与应用[D],2008.5.
[32]Shang Y.Ruml W.Zhang Y.et al.Localization from mere connectivition[C]Proceedings of Fouth International ACM Symposium on Mobile Ad Hoc Networking and Computing,2003:201-212.
[33]Ji X,Zha H.Sensor positioning in wireless ad hoc networks using multidimensional scaling,2004:387-396.
[34]Smits G F,Jordaan E M.,Improved SVM Regression using Mixture of Kernels.Proceedings of the 2002 International Joint Conference on Neural Networks.Hawaii:IEEE,2785-2790,2002.
[35]Blake C L,Merz C J.UCI repository of machine learning databases [EB/O1]http://kdd.icu.uci.edu/database/kddcup99/kddcup99.html
[36]DARPA Intrusion Detection Evaluation.Lexington,MA:Lincoln Laboratory,Massachusetts Institute of technology.
[37]http://www.11.mit.edu/TST/ideval/data/data index.html
[38]蒋建春,冯登国.网络入侵检测原理与技术[M],国防工业出版社,北京:2001.7.
[39]程学云.支持向量机及其在入侵检测中的应用研究[D].2007.3.
[40]初金涛.基于支持向量机的网络入侵检测研究[D].2007.5.
[41]孙宗宝.基于软间隔支持向量机和核主成分分析的入侵检测研究[D],2007.3.
[42]李盼池,许少华.支持向量机在模式识别中的核函数特性分析.计算机工程与设计[J].2005,26(2):302-307
[43]Kulkarni A,Jayaraman V K.Support vector classification with parameter turning assisted by agent-based technique Computers and Chemical Engineering.2004,28(3):311-318
[44]何保全.基于小波变换和核方法的人脸识别[D].2006.5.