Title of invention: Method of detecting intrusion based on improved support vector machine
Abstract: A method of detecting network intrusion based on improved support vector machine is disclosed. The method comprises the steps of identifying a plurality of features; computing information gain of each of the features; selecting a pre-determined number of features based on the computed information gain and augmenting that set of pre-determined number of features with special features to form a set of selected features; and classifying a network connection based on the selected features using support vector machine. In order to achieve better detection accuracy, cross-validation and grid-search are applied to select the radial basis function for the support vector machine.
Publication number: US9298913(B2) Publication date: 2016.03.29
Application number: US201414201939 Filing date: 2014.03.10
Applicant: Macau University of Science and Technology Inventors: Hon Chi Tin; Xu Jia Hua
Classification: G06F9/00;G06F21/55;H04L29/06 Main classification: G06F9/00
Agency: Eagle IP Limited Agent: Eagle IP Limited; Lui Jacqueline C.
Principal claim: 1. A method executed by a server to determine a type of computer intrusion, the method comprising: a) identifying, by the server, a plurality of features; b) computing, by the server, information gain of each of said plurality of features; c) selecting, by the server, a pre-determined number of features from said plurality of features based on said information gain and augmenting said pre-determined number of features with special features to form a set of selected features; and d) classifying, by the server, the type of computer intrusion based on said set of selected features using support vector machine; wherein said plurality of features are selected from a group of features consisting of basic features of a TCP connection, content features within a connection suggested by a domain knowledge and traffic features computed using a two-second time window.
Address: Macau CN