基于贝叶斯和决策树的入侵检测方法

Intrusion detection method based on Bayesian and decision tree

  • 摘要: 针对目前基于贝叶斯或决策树的入侵检测方法存在检测率低、误检率高的问题,提出了一种基于贝叶斯和决策树的入侵检测方法。该检测方法首先采用基于特征相似度的朴素贝叶斯方法对训练集中的样本进行分类,更新每个样本的类值;然后对训练集中的样本再次使用朴素贝叶斯方法进行分类,对存在误分类样本的类采用决策树的信息增益来确定属性划分子类,再对子类进行分类和划分操作;最后建立贝叶斯和决策树的混合模型进行入侵检测。实验结果表明,与单独使用贝叶斯或者决策树的检测方法相比,该检测方法具有较高的检测率。

     

    Abstract: In view of problems of low detection rate and high false detection rate in intrusion detection method based on Bayesian or decision tree, the paper proposed an intrusion detection method based on Bayesian and decision tree. Firstly, Naive Bayesian method based on feature similarity is used to classify samples of training set and class value of each sample is updated. Then the samples are classified with Naive Bayesian method again. Those classes which contain misclassified samples are divided into some subclasses by using the attributes which were determined by information gain of decision tree, and the subclasses are operated on classification and partition. Finally, the model of combination of Bayesian and decision tree is used for intrusion detection. The experiment result showed that the detection method has higher detection rate than the method using either Bayesian or decision tree.

     

/

返回文章
返回