

Weighting versus Pruning in Rule Validation for Detecting Network and Host Anomalies
Course URL: http://videolectures.net/kdd07_tandon_wvpirv/  
Lecturer: Gaurav Tandon
Institution: Florida Institute of Technology
Date: 2007-09-14
Language: English
Course description: For intrusion detection, the LERAD algorithm learns a succinct set of comprehensible rules for detecting anomalies, which could be novel attacks. LERAD validates the learned rules on a separate held-out validation set and removes rules that cause false alarms. However, removing rules with possible high coverage can lead to missed detections. We propose to retain these rules and associate weights to them. We present three weighting schemes and our empirical results indicate that, for LERAD, rule weighting can detect more attacks than pruning with minimal computational overhead.
Keywords: intrusion detection; LERAD algorithm weighting schemes
Source: VideoLectures.NET
Last reviewed: 2019-05-09:lxf