• Journal of the China Computer Federation
  • Chinese Science and Technology Core Journal
  • Chinese Core Journal

2010, Vol. 32, Issue (3): 38-41. doi: 10.3969/j.issn.1007130X.2010.


Research on an Anomaly Detection Method Based on Aggregated Network Behavior

苏彦君, 沈刚, 刘昕   

1. (School of Software, Huazhong University of Science and Technology, Wuhan, Hubei 430074)
  • Received: 2008-09-24 Revised: 2008-12-23 Online: 2010-03-10 Published: 2010-03-10
  • Corresponding author: 苏彦君 (SU Yan-Jun), E-mail: yj_su@163.com
  • Author biography: 苏彦君 (SU Yan-Jun, born 1974), female, from Lengshuijiang, Hunan; engineer; research interest: computer application technology.

Anomaly Detection Based on Aggregated Network Behavior Metrics

SU Yan-Jun, CHEN Gang, LIU Cuan

1. (School of Software, Huazhong University of Science and Technology, Wuhan 430074)
  • Received: 2008-09-24 Revised: 2008-12-23 Online: 2010-03-10 Published: 2010-03-10
  • Contact: SU Yan-Jun, E-mail: yj_su@163.com

Abstract (translated from the Chinese):

Anomaly detection is currently a very active direction in the field of intrusion detection. As a means of network measurement, statistics over packet header information play an important role in many network management tasks. Aggregating the header information of network packets in different ways yields effective metrics of network traffic attributes, and specific subsets extracted from these metrics can in principle characterize attack behavior in network traffic. If the metrics are relatively stable when no attack is present and relatively sensitive when an attack occurs, they can be used to decide that an attack has taken place. Pruning redundant features with principal component analysis and information gain lowers the overhead of that decision and improves real-time performance. Classifiers based on machine learning are an effective means of recognizing the anomalies that attacks cause; three classifiers are designed according to the selected metrics.

Keywords (translated): anomaly detection, principal component analysis, information gain, support vector machine, neural network

Abstract:

Anomaly detection is a very active area of intrusion detection. As a network measurement tool, statistics over packet header information play an important role in many network management tasks. Aggregating the header information of network packets effectively constitutes a set of network traffic measurement metrics, and a specific subset extracted from these metrics can be used to describe the characteristics of attack traffic. If these metrics are relatively stable when there is no attack and relatively sensitive when an attack occurs, they can be used to judge that an attack is taking place. Redundant features are removed by principal component analysis and information gain, which reduces overhead and improves real-time performance. A classifier based on machine learning is an effective method for judging anomalies caused by network attacks. According to the selected metrics, we design three classifiers.
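As an added illustration, not code from the paper, the following Python script carries out the first two steps the abstract describes: it aggregates packet header records into per-window traffic metrics, ranks those metrics by information gain against a per-window label, and prunes the weakly informative ones before any classifier sees them. The packet records, labels, metric names and the median-based binarisation used for information gain are all constructed assumptions here, not the paper's data or method details.

```python
"""Added example (not the paper's code): per-window aggregated header metrics,
information-gain ranking and feature pruning. All data below is constructed."""
from collections import defaultdict
from math import log2
from statistics import mean, median

# Constructed packet header records:
# (time_s, src_ip, dst_ip, dst_port, syn_flag, length_bytes)
PACKETS = [
    # window 0: ordinary client traffic (2 hosts, 2 services)
    (0.1, "10.0.0.2", "10.0.0.9", 80, 1, 60), (0.3, "10.0.0.2", "10.0.0.9", 80, 0, 1400),
    (0.5, "10.0.0.3", "10.0.0.9", 443, 1, 60), (0.8, "10.0.0.3", "10.0.0.9", 443, 0, 900),
    # window 1: one host doing a bulk download (many large packets, one SYN)
    (1.0, "10.0.0.4", "10.0.0.9", 80, 1, 60), (1.2, "10.0.0.4", "10.0.0.9", 80, 0, 1400),
    (1.3, "10.0.0.4", "10.0.0.9", 80, 0, 1400), (1.5, "10.0.0.4", "10.0.0.9", 80, 0, 1400),
    (1.7, "10.0.0.4", "10.0.0.9", 80, 0, 1400), (1.9, "10.0.0.4", "10.0.0.9", 80, 0, 1400),
    # window 2: ordinary traffic (ssh + dns)
    (2.1, "10.0.0.2", "10.0.0.9", 22, 1, 60), (2.4, "10.0.0.2", "10.0.0.9", 22, 0, 300),
    (2.6, "10.0.0.5", "10.0.0.9", 53, 0, 1200),
    # windows 3-5: many distinct sources, every packet a small SYN
    (3.1, "10.1.0.1", "10.0.0.9", 80, 1, 40), (3.2, "10.1.0.2", "10.0.0.9", 80, 1, 40),
    (3.3, "10.1.0.3", "10.0.0.9", 80, 1, 40), (3.4, "10.1.0.4", "10.0.0.9", 80, 1, 40),
    (3.5, "10.1.0.5", "10.0.0.9", 80, 1, 40), (3.6, "10.1.0.6", "10.0.0.9", 80, 1, 40),
    (4.1, "10.2.0.1", "10.0.0.9", 80, 1, 40), (4.2, "10.2.0.2", "10.0.0.9", 80, 1, 40),
    (4.3, "10.2.0.3", "10.0.0.9", 443, 1, 40), (4.4, "10.2.0.4", "10.0.0.9", 443, 1, 40),
    (4.5, "10.2.0.5", "10.0.0.9", 443, 1, 40),
    (5.1, "10.3.0.1", "10.0.0.9", 80, 1, 40), (5.2, "10.3.0.2", "10.0.0.9", 80, 1, 40),
    (5.3, "10.3.0.3", "10.0.0.9", 80, 1, 40), (5.4, "10.3.0.4", "10.0.0.9", 80, 1, 40),
]
# Constructed ground truth per window: 1 = attack present (windows 3-5).
LABELS = {0: 0, 1: 0, 2: 0, 3: 1, 4: 1, 5: 1}


def aggregate_windows(packets, window_s=1.0):
    """Aggregate header fields per time window into a metric vector:
    packet count, distinct sources, distinct destination ports, SYN ratio, mean size."""
    buckets = defaultdict(list)
    for pkt in packets:
        buckets[int(pkt[0] // window_s)].append(pkt)
    metrics = {}
    for w, pkts in sorted(buckets.items()):
        metrics[w] = {
            "pkt_count": len(pkts),
            "uniq_src": len({p[1] for p in pkts}),
            "uniq_dport": len({p[3] for p in pkts}),
            "syn_ratio": sum(p[4] for p in pkts) / len(pkts),
            "avg_len": mean(p[5] for p in pkts),
        }
    return metrics


def entropy(labels):
    """Shannon entropy (bits) of a label list."""
    n = len(labels)
    return -sum((labels.count(v) / n) * log2(labels.count(v) / n) for v in set(labels))


def information_gain(metrics, labels, name):
    """IG of one metric for the window label, after binarising the metric at its
    median across windows (a constructed choice; a constant metric yields IG 0)."""
    windows = sorted(metrics)
    values = [metrics[w][name] for w in windows]
    y = [labels[w] for w in windows]
    cut = median(values)
    groups = defaultdict(list)
    for v, lab in zip(values, y):
        groups[v > cut].append(lab)
    conditional = sum(len(g) / len(y) * entropy(g) for g in groups.values())
    return entropy(y) - conditional


def rank_metrics(metrics, labels):
    """Return [(metric_name, gain)] sorted by decreasing gain, then name."""
    names = next(iter(metrics.values())).keys()
    gains = {n: information_gain(metrics, labels, n) for n in names}
    return sorted(gains.items(), key=lambda kv: (-kv[1], kv[0]))


def prune(ranked, min_gain=0.5):
    """Keep only metrics whose gain reaches the threshold (threshold is constructed)."""
    return [name for name, gain in ranked if gain >= min_gain]


if __name__ == "__main__":
    m = aggregate_windows(PACKETS)
    ranked = rank_metrics(m, LABELS)
    for name, gain in ranked:
        print(f"{name:12s} IG = {gain:.3f}")
    print("kept:", prune(ranked))
```

On this constructed data the raw packet count and the number of distinct destination ports carry almost no information (the bulk download in window 1 looks like a flood by volume alone), while distinct sources, SYN ratio and mean packet size separate the windows cleanly; those are the metrics that survive pruning and would be fed to the classifier.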

Key words: anomaly detection; principal components analysis; information gain; support vector machines; neural network
