ОЦЕНКА НА ЕФЕКТИВНОСТТА НА СИСТЕМИ ЗА ОТКРИВАНЕ НА НАРУШЕНИЯ, ОСНОВАНИ НА КЛАСИФИКАЦИОННИ ДЪРВЕТА И РАЗСТОЯНИЕ НА КУЛБЕК-ЛЕЙБЛЕР
Ключови думи:
oткриване на нарушения, системи за откриване на нарушения, основани на аномалии, ROC крива, корелационен коефициент на Матюс, процент на грешки, точност
Абстракт
Настоящата статия представя някои оценки на ефективността на системи за откриване на нарушения, основани на класификационни дървета и разстояние на Kullback-Leibler. Най-използвани методи за такава оценка са: точност, корелационен коефициент на Матюс и ROC крива.
Литература
[1] Abraham, A., J. Thomas, Distributed Intrusion Detection Systems: A Computational Intelligence Approach, Applications of Information Systems to Homeland Security and Defense, Idea Group Inc. Publishers, USA, Chapter 5, pp. 105-135, 2005.
[2] Baldi P., Brunak S., Chauvin Y., Andersen C.A., Nielsen H., Assessing the accuracy of prediction algorithms for classification: An overview, Bioinformatics, Vol. 16, pp. 412–424, 2000.
[3] Ghosh A.K., A. Schwartzbard, M. Schatz, Learning Program Behavior Profiles for Intrusion Detection, Proceedings of the 1st Workshop on Intrusion Detection and Network Monitoring, pp. 51–62, 1999.
[4] Ferri C., N. Lachinche, S. A. Macskassy, A. Rakotomamonjy, eds., Second Workshop on ROC Analysis in ML, 2005.
[5] Forrest S., S.A. Hofmeyr, A. Somayaji, T.A. Longtaff, A Sense of Self for Unix Processes, Proceedings of the 1996 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitors, CA, pp.120-128, 1996.
[6] Han, Te Sun & Kobayashi, Kingo, Mathematics of Information and Coding, American Mathematical Society. pp. 19–20, 2002.
[7] Lippmann R., D. Fried, I. Graf, J. Haines, K. Kendall, D. McClung, D. Weber, S. Webster,
D. Wyschogrod, R. Cunningham, M. Zissman, Evaluating intrusion detection systems: The 1998 DARPA off-line intrusion detection evaluation, In Proceedings of the DARPA Information Survivability Conference and Exposition, Los Alamitos, California, USA, 2000. IEEE Computer Society Press.
[8] R. Lippmann, J. W. Haines, D. J. Fried, J. Korba, K. Das, The 1999 darpa off-line intrusion detection evaluation, Computer Networks, 34(4):579–595, 2000
[9] Matthews B.W., Comparison of the predicted and observed secondary structure of T4 phage lysozyme, Biochim. Biophys. Acta 1975, 405, 442-451.
[10] Nikolova E., V. Jecheva, Classification Tree and Kullback-Leibler Distance-based Anomaly Intrusion Detection Approach, Knowledge - traditions, innovations, perspectives, Burgas Free University, 2013
[11] Qiao Y., X.W. Xin, Y. Bin, S. Ge, Anomaly intrusion detection method based on HMM, IEEE Electronic Letters Online No: 20020467, 2002.
[12] Tran T.P., T. Jan, A. J. Simmonds, A Multi-Expert Classification Framework for Network Misuse Detection, Proceeding of Artificial Intelligence and Soft Computing, ISBN 0-88986-610-4, 2006.
[13] University of New Mexico’s Computer Immune Systems Project, http://www.cs.unm.edu/~immsec/systemcalls.htm.
[2] Baldi P., Brunak S., Chauvin Y., Andersen C.A., Nielsen H., Assessing the accuracy of prediction algorithms for classification: An overview, Bioinformatics, Vol. 16, pp. 412–424, 2000.
[3] Ghosh A.K., A. Schwartzbard, M. Schatz, Learning Program Behavior Profiles for Intrusion Detection, Proceedings of the 1st Workshop on Intrusion Detection and Network Monitoring, pp. 51–62, 1999.
[4] Ferri C., N. Lachinche, S. A. Macskassy, A. Rakotomamonjy, eds., Second Workshop on ROC Analysis in ML, 2005.
[5] Forrest S., S.A. Hofmeyr, A. Somayaji, T.A. Longtaff, A Sense of Self for Unix Processes, Proceedings of the 1996 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitors, CA, pp.120-128, 1996.
[6] Han, Te Sun & Kobayashi, Kingo, Mathematics of Information and Coding, American Mathematical Society. pp. 19–20, 2002.
[7] Lippmann R., D. Fried, I. Graf, J. Haines, K. Kendall, D. McClung, D. Weber, S. Webster,
D. Wyschogrod, R. Cunningham, M. Zissman, Evaluating intrusion detection systems: The 1998 DARPA off-line intrusion detection evaluation, In Proceedings of the DARPA Information Survivability Conference and Exposition, Los Alamitos, California, USA, 2000. IEEE Computer Society Press.
[8] R. Lippmann, J. W. Haines, D. J. Fried, J. Korba, K. Das, The 1999 darpa off-line intrusion detection evaluation, Computer Networks, 34(4):579–595, 2000
[9] Matthews B.W., Comparison of the predicted and observed secondary structure of T4 phage lysozyme, Biochim. Biophys. Acta 1975, 405, 442-451.
[10] Nikolova E., V. Jecheva, Classification Tree and Kullback-Leibler Distance-based Anomaly Intrusion Detection Approach, Knowledge - traditions, innovations, perspectives, Burgas Free University, 2013
[11] Qiao Y., X.W. Xin, Y. Bin, S. Ge, Anomaly intrusion detection method based on HMM, IEEE Electronic Letters Online No: 20020467, 2002.
[12] Tran T.P., T. Jan, A. J. Simmonds, A Multi-Expert Classification Framework for Network Misuse Detection, Proceeding of Artificial Intelligence and Soft Computing, ISBN 0-88986-610-4, 2006.
[13] University of New Mexico’s Computer Immune Systems Project, http://www.cs.unm.edu/~immsec/systemcalls.htm.
Публикуван
2018-05-30
Как да се цитира
Jecheva, V., & Nikolova, E. (2018). ОЦЕНКА НА ЕФЕКТИВНОСТТА НА СИСТЕМИ ЗА ОТКРИВАНЕ НА НАРУШЕНИЯ, ОСНОВАНИ НА КЛАСИФИКАЦИОННИ ДЪРВЕТА И РАЗСТОЯНИЕ НА КУЛБЕК-ЛЕЙБЛЕР. КОМПЮТЪРНИ НАУКИ И КОМУНИКАЦИИ, 2(2), 62-68. изтеглен на от https://csc.bfu.bg/index.php/CSC/article/view/184
Раздел
Компютърни науки и комуникации - рецензирани публикации. ISSN: 1314-7846
Copyright (C) 2018 Veselina Jecheva, Evgeniya Nikolova
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
