روش آماری نیمه تحت نظارت برای تشخیص ناهنجاری شبکه ☆
|کد مقاله||سال انتشار||مقاله انگلیسی||ترجمه فارسی||تعداد کلمات|
|76887||2016||6 صفحه PDF||سفارش دهید||2769 کلمه|
Publisher : Elsevier - Science Direct (الزویر - ساینس دایرکت)
Journal : Procedia Computer Science, Volume 83, 2016, Pages 1090–1095
Intrusion Detection Systems (IDS) have become a very important defense measure against security threats. In recent years, computer networks are widely deployed for critical and complex systems, which make them more vulnerable to network attacks. In this paper, we propose a two-stage Semi-supervised Statistical approach for Anomaly Detection (SSAD). The first stage of SSAD aims to build a probabilistic model of normal instances and measures any deviation that exceeds an established threshold. This threshold is deduced from a regularized discriminant function of Maximum Likelihood (ML). The purpose of the second stage is to reduce False Alarm Rate (FAR) through an iterative process that reclassifies anomaly cluster, from the first stage, using a similarity distance and anomaly's cluster dispersion rate. We evaluate the proposed approach on the well-known intrusion detection dataset NSL-KDD and Kyoto 2006+. The experimental results show that SSAD outperforms the Naïve Bayes methods in terms of Detection Rate and False Positive Rate.