国产bbaaaaa片,成年美女黄网站色视频免费,成年黄大片,а天堂中文最新一区二区三区,成人精品视频一区二区三区尤物

首頁> 外文學(xué)位 >K-Means+ID3 and dependence tree methods for supervised anomaly detection.
【24h】

K-Means+ID3 and dependence tree methods for supervised anomaly detection.

機(jī)譯:K-Means + ID3和依賴樹方法用于監(jiān)督異常檢測。

獲取原文
獲取原文并翻譯 | 示例
  • 摘要
  • 著錄項(xiàng)
  • 相似文獻(xiàn)
  • 相關(guān)主題

摘要

In this dissertation, we present two novel methods for supervised anomaly detection. The first method "K-Means+ID3" performs supervised anomaly detection by partitioning the training data instances into k clusters using Euclidean distance similarity. Then, on each cluster representing a density region of normal or anomaly instances, an ID3 decision tree is built. The ID3 decision tree on each cluster refines the decision boundaries by learning the subgroups within a cluster. To obtain a final decision on detection, the k-Means and ID3 decision trees are combined using two rules: (1) the nearest neighbor rule; and (2) the nearest consensus rule. The performance of the K-Means+ID3 is demonstrated over three data sets: (1) network anomaly data, (2) Duffing equation data, and (3) mechanical system data, which contain measurements drawn from three distinct application domains of computer networks, an electronic circuit implementing a forced Duffing equation, and a mechanical mass beam system subjected to fatigue stress, respectively. Results show that the detection accuracy of the K-Means+ID3 method is as high as 96.24 percent on network anomaly data; the total accuracy is as high as 80.01 percent on mechanical system data; and 79.9 percent on Duffing equation data. Further, the performance of K-Means+ID3 is compared with individual k-Means and ID3 methods implemented for anomaly detection.; The second method "dependence tree based anomaly detection" performs supervised anomaly detection using the Bayes classification rule. The class conditional probability densities in the Bayes classification rule are approximated by dependence trees, which represent second-order product approximations of probability densities. We derive the theoretical relationship between dependence tree classification error and Bayes error rate and show that the dependence tree approximation minimizes an upper bound on the Bayes error rate. To improve the classification performance of dependence tree based anomaly detection, we use supervised and unsupervised Maximum Relevance Minimum Redundancy (MRMR) feature selection method to select a set of features that optimally characterize class information. We derive the theoretical relationship between the Bayes error rate and the MRMR feature selection criterion and show that MRMR feature selection criterion minimizes an upper bound on the Bayes error rate. The performance of the dependence tree based anomaly detection method is demonstrated on the benchmark KDD Cup 1999 intrusion detection data set. Results show that the detection accuracies of the dependence tree based anomaly detection method are as high as 99.76 percent in detecting normal traffic, 93.88 percent in detecting denial-of-service attacks, 94.88 percent in detecting probing attacks, 86.40 percent in detecting user-to-root attacks, and 24.44 percent in detecting remote-to-login attacks. Further, the performance of dependence tree based anomaly detection method is compared with the performance of naive Bayes and ID3 decision tree methods as well as with the performance of two anomaly detection methods reported in recent literature.
機(jī)譯:本文提出了兩種新穎的監(jiān)督異常檢測方法。第一種方法“ K-Means + ID3”通過使用歐氏距離相似度將訓(xùn)練數(shù)據(jù)實(shí)例劃分為k個簇來執(zhí)行監(jiān)督異常檢測。然后,在代表正?;虍惓?shí)例的密度區(qū)域的每個群集上,構(gòu)建ID3決策樹。每個群集上的ID3決策樹通過學(xué)習(xí)群集內(nèi)的子組來優(yōu)化決策邊界。為了獲得檢測的最終決策,使用兩個規(guī)則將k-Means和ID3決策樹進(jìn)行組合:(1)最近鄰居規(guī)則; (2)最接近的共識規(guī)則。 K-Means + ID3的性能在以下三個數(shù)據(jù)集上得到了證明:(1)網(wǎng)絡(luò)異常數(shù)據(jù),(2)Duffing方程數(shù)據(jù)和(3)機(jī)械系統(tǒng)數(shù)據(jù),其中包含從計算機(jī)網(wǎng)絡(luò)的三個不同應(yīng)用程序域中得出的測量結(jié)果分別是執(zhí)行強(qiáng)制Duffing方程的電子電路和承受疲勞應(yīng)力的機(jī)械質(zhì)量梁系統(tǒng)。結(jié)果表明,K-Means + ID3方法對網(wǎng)絡(luò)異常數(shù)據(jù)的檢測準(zhǔn)確率高達(dá)96.24%。機(jī)械系統(tǒng)數(shù)據(jù)的總精度高達(dá)80.01%;和達(dá)芬奇方程數(shù)據(jù)的79.9%。此外,將K-Means + ID3的性能與為異常檢測實(shí)現(xiàn)的各個k-Means和ID3方法進(jìn)行了比較。第二種方法“基于依賴樹的異常檢測”使用貝葉斯分類規(guī)則執(zhí)行監(jiān)督異常檢測。貝葉斯分類規(guī)則中的類條件條件概率密度由依賴樹近似,依賴樹表示概率密度的二階乘積近似。我們推導(dǎo)了依賴樹分類誤差與貝葉斯錯誤率之間的理論關(guān)系,并表明依賴樹近似使貝葉斯錯誤率的上限最小。為了提高基于依存樹的異常檢測的分類性能,我們使用有監(jiān)督和無監(jiān)督的最大相關(guān)最小冗余(MRMR)特征選擇方法來選擇可最佳表征類別信息的特征集。我們推導(dǎo)了貝葉斯錯誤率和MRMR特征選擇標(biāo)準(zhǔn)之間的理論關(guān)系,并表明MRMR特征選擇標(biāo)準(zhǔn)使貝葉斯錯誤率的上限最小。在基準(zhǔn)KDD Cup 1999入侵檢測數(shù)據(jù)集上證明了基于依賴樹的異常檢測方法的性能。結(jié)果表明,基于依賴樹的異常檢測方法的檢測準(zhǔn)確率在正常流量檢測中高達(dá)99.76%,在拒絕服務(wù)攻擊中的檢測率為93.88%,在探測攻擊中的檢測率為94.88%,在檢測用戶到用戶中的檢測率為86.40%。 -root攻擊,檢測遠(yuǎn)程登錄攻擊的比例為24.44%。此外,將基于依賴樹的異常檢測方法的性能與樸素貝葉斯和ID3決策樹方法的性能以及最近文獻(xiàn)中報道的兩種異常檢測方法的性能進(jìn)行了比較。

著錄項(xiàng)

相似文獻(xiàn)

  • 外文文獻(xiàn)
  • 中文文獻(xiàn)
  • 專利
獲取原文

客服郵箱:kefu@zhangqiaokeyan.com

京公網(wǎng)安備:11010802029741號 ICP備案號:京ICP備15016152號-6 六維聯(lián)合信息科技 (北京) 有限公司?版權(quán)所有

  • 客服微信

  • 服務(wù)號