发明名称 |
Method of detecting intrusion based on improved support vector machine |
摘要 |
A method of detecting network intrusion based on improved support vector machine is disclosed. The method comprises the steps of identifying a plurality of features; computing information gain of each of the features; selecting a pre-determined number of features based on the computed information gain and augmenting that set of pre-determined number of features with special features to form a set of selected features; and classifying a network connection based on the selected features using support vector machine. In order to achieve better detection accuracy, cross-validation and grid-search are applied to select the radial basis function for the support vector machine. |
申请公布号 |
US9298913(B2) |
申请公布日期 |
2016.03.29 |
申请号 |
US201414201939 |
申请日期 |
2014.03.10 |
申请人 |
Macau University of Science and Technology |
发明人 |
Hon Chi Tin;Xu Jia Hua |
分类号 |
G06F9/00;G06F21/55;H04L29/06 |
主分类号 |
G06F9/00 |
代理机构 |
Eagle IP Limited |
代理人 |
Eagle IP Limited ;Lui Jacqueline C. |
主权项 |
1. A method executed by a server to determine a type of computer intrusion, the method comprising:
a) identifying, by the server, a plurality of features; b) computing, by the server, information gain of each of said plurality of features; c) selecting, by the server, a pre-determined number of features from said plurality of features based on said information gain and augmenting said pre-determined number of features with special features to form a set of selected features; and d) classifying, by the server, the type of computer intrusion based on said set of selected features using support vector machine; wherein said plurality of features are selected from a group of features consisting of basic features of a TCP connection, content features within a connection suggested by a domain knowledge and traffic features computed using a two-second time window. |
地址 |
Macau CN |