
Journal of Kunming Metallurgy College ›› 2024, Vol. 40 ›› Issue (6): 55-. DOI: 10.3969/j.issn.1009-0479.2024.06.010

• Electronic Information Technology •

A Host Abnormal Behavior Detection Scheme Based on Support Vector Machine

Huang Zhirui a, Yuan Jianming b, Miao Wangyuan a, He Yanan a, Xie Xianjie a, Fang Fang a

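  1. (Kunming Metallurgy College, a. Faculty of Computer Information, b. Network Management and Information Center, Kunming, Yunnan 650033)
  • Received: 2024-02-23 Online: 2024-07-04 Published: 2025-09-24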
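  • About the author: Huang Zhirui (born 1991), male, from Gutian, Fujian; teaching assistant, Master of Science; mainly engaged in research on information security, machine learning and wireless sensor networks.
  • Funding:
    Scientific research fund project of Kunming Metallurgy College, "Research on Host Anomaly Detection Based on Machine Learning Algorithms" (2023xjy03).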

Scheme of Host Abnormal Behavior Detection Based on Support Vector Machine

HUANG Zhirui a, YUAN Jianming b, MIAO Wangyuan a, HE Yanan a, XIE Xianjie a, FANG Fang a

  1. (a. Faculty of Computer Information, b. Network Management and Information Center, Kunming Metallurgy College, Kunming 650033, China)
  • Received: 2024-02-23 Online: 2024-07-04 Published: 2025-09-24

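Abstract: This paper presents a host anomaly detection scheme based on the support vector machine algorithm. It aims to discover abnormal behavior in user operations quickly and accurately and to alert administrators in time so that they can intervene, thereby ensuring the overall security of the system. The scheme first extracts features with natural language processing techniques and builds feature vectors; it then reduces the dimensionality of the feature data with the principal component analysis algorithm to improve the speed and efficiency of subsequent processing; next, it uses the support vector machine algorithm to learn and distinguish the normal and abnormal operation patterns of the host, and from this builds an efficient detection model; finally, the fully trained model is used to detect in real time whether the host shows abnormal operations. To verify the practical effect of this method, the ADFA-LD dataset of the Australian Defence Force Academy was selected for an empirical study, and the detection performance was satisfactory.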

Keywords: cyberspace security, machine learning, host anomaly detection, support vector machine, natural language processing

Abstract: This paper introduces a host anomaly detection scheme based on support vector machine algorithm, which aims to detect abnormal behavior in user operations in a rapid and accurate way, and immediately remind users to take intervention measures to ensure the overall security of the system. Specifically, this scheme first uses natural language processing technology to extract features and construct feature vectors; then, principal component analysis algorithm is used to reduce the dimension of feature data in order to improve the speed and efficiency of subsequent processing; after that, support vector machine algorithm is used to learn and distinguish between normal and abnormal operation modes of the host, and then an efficient detection model is constructed. Finally, the fully trained model is used to detect whether the host has abnormal operation in real time. In order to verify the practical application effect of this method, the ADFA-LD data set of Australian Defense College is selected for empirical research, and satisfactory detection performance is achieved.

Key words: cyberspace security, machine learning, host anomaly detection, support vector machine, natural language processing
