基于t分布的SOM网络异常检测改进方案

2011 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery Pub Date : 2011-10-10 DOI:10.1109/CyberC.2011.51

Wei Chen, Linying Xiao

{"title":"基于t分布的SOM网络异常检测改进方案","authors":"Wei Chen, Linying Xiao","doi":"10.1109/CyberC.2011.51","DOIUrl":null,"url":null,"abstract":"In this paper, a scheme of adaptable distance calculation based on t-distribution is proposed on the basis of analysis of the scheme of SOM network anomaly detection. This method establishes a confidence interval between the test sample and BMU distance using t-distribution. It makes sure that network anomaly occurs when the distance between the test sample and BMU is not within the range of the confidence interval. The improved method is compared with the method of the network anomaly detection based on OC-SVM in order to test its validity. At last, the experimental result shows that this kind of method has characteristics of easy realization, high detection rate and low false alarm rate.","PeriodicalId":227472,"journal":{"name":"2011 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"An Improved Solution of SOM Network Anomaly Detection Based on T-Distribution\",\"authors\":\"Wei Chen, Linying Xiao\",\"doi\":\"10.1109/CyberC.2011.51\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this paper, a scheme of adaptable distance calculation based on t-distribution is proposed on the basis of analysis of the scheme of SOM network anomaly detection. This method establishes a confidence interval between the test sample and BMU distance using t-distribution. It makes sure that network anomaly occurs when the distance between the test sample and BMU is not within the range of the confidence interval. The improved method is compared with the method of the network anomaly detection based on OC-SVM in order to test its validity. At last, the experimental result shows that this kind of method has characteristics of easy realization, high detection rate and low false alarm rate.\",\"PeriodicalId\":227472,\"journal\":{\"name\":\"2011 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-10-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CyberC.2011.51\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CyberC.2011.51","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

本文在分析SOM网络异常检测方案的基础上，提出了一种基于t分布的自适应距离计算方案。该方法利用t分布在检验样本与BMU距离之间建立置信区间。确保当测试样件与BMU的距离不在置信区间范围内时，出现网络异常。将改进后的方法与基于OC-SVM的网络异常检测方法进行了比较，验证了改进后的方法的有效性。实验结果表明，该方法具有实现简单、检测率高、虚警率低等特点。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

An Improved Solution of SOM Network Anomaly Detection Based on T-Distribution

In this paper, a scheme of adaptable distance calculation based on t-distribution is proposed on the basis of analysis of the scheme of SOM network anomaly detection. This method establishes a confidence interval between the test sample and BMU distance using t-distribution. It makes sure that network anomaly occurs when the distance between the test sample and BMU is not within the range of the confidence interval. The improved method is compared with the method of the network anomaly detection based on OC-SVM in order to test its validity. At last, the experimental result shows that this kind of method has characteristics of easy realization, high detection rate and low false alarm rate.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2011 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery

自引率

0.00%

发文量