normal anomaly 中文意思是什麼
normal anomaly
解釋
正異常-
The ids of the paper is network - based anomaly detection system. with the help of data mining technology, we bring forward a measure to describe the normal state of the network traffic and user behavior and extracting the useful rule from large network data. so we can establish the knowledge warehouse which describe the normal state of the network traffic and user behavior. the knowledge warehouse can be the standard in order to judge the normal state. we can find the dubitable connections according to account the state and anomly instances of connections
論文在描述網路應用和用戶行為時採用數據挖掘技術從海量的網路數據中提取有用的規則,構建了一個描述正常狀態下的網路應用和用戶行為的規則集,這個規則集是用來判斷網路應用和用戶行為是否正常的標準,論文根據這個標準分析當前網路連接的異常情況,將可疑的連接找出來。 -
In case 6, the heart looks " inverted " compared to normal ( figure 8 ). this phenomenon is called dextrocardia, and it results from a looping anomaly during embryologic development
病例6中的心臟與正常相比看上去就像「反轉」了一樣(圖8 ) ,這稱作右位心,是由於胚胎發育過程中的心臟成環異常導致。 -
Describing normal behaviors is one of the difficulties that an anomaly detection system faces
對正常行為的描述是異常檢測系統必須要解決好的核心問題之一。 -
The essence of edid is to set up a normal behavior fuzzy sub collection a on the basis of watching the normal system transfer of the privilege process, and set up a fuzzy sub collection b with real time transfer array, then detect with the principle of minimum distance in fuzzy discern method the innovation point of this paper is : put forward the method of edid, can not only reduce efficiently false positive rate and false negative rate, also make real time intrusion detection to become possibility ; have independent and complete character database, according to the classification of monitoring program, design normal behavior and anomaly behavior etc., have raised the strongness of ids ; use tree type structure to preservation the character database, have saved greatly stock space ; in detection invade, carry out frequency prior principle, prior analysis and handling the behavior feature of high frequency in information table, have raised efficiency and the speed of detection, make real time intrusion detection to become possibility ; have at the same time realized anomaly intrusion detection and misuse intrusion detection, have remedied deficiency of unitary detection method
這種方法的實質是在監控特權進程的正常系統調用基礎上建立正常行為模糊子集a ,用檢測到的實時調用序列建立模糊子集b ,然後用模糊識別方法中的最小距離原則進行檢測。本文的創新點是:通過對特權進程的系統調用及參數序列的研究,提出了基於euclidean距離的入侵檢測方法edid ,不僅能有效降低漏報率和誤報率,而且使實時入侵檢測成為可能;設計有獨立而完整的特徵數據庫,根據被監控程序的類別,分別設計正常行為、異常行為等,提高了檢測系統的強健性和可伸縮性;特徵數據庫按樹型結構存儲,大大節省了存儲空間;在檢測入侵時,實行頻度優先原則,優先分析和處理信息表中的高頻度行為特徵,提高檢測的速度和效率,使實時入侵檢測成為可能;同時實現了異常入侵檢測和誤用入侵檢測,彌補了單一檢測方法的不足。 -
First, realized a wegener - willie distribute based network traffic anomaly detection algorithm. we make use of wegener - willie distribute to analyze the inherent time - frequency distribution characteristics of the traffic flow signal. then according to the experience of analysis on historical flow, we construct a normal flow training sample aggregation and a abnormal flow training sample aggregation
通過魏格納-威利分佈分析網路流量信號在時頻分佈上所反映出的內在特點,根據歷史流量的經驗構造正常流量和異常流量兩個訓練樣本空間,通過k最近鄰分類演算法將帶檢測流量信號的時頻分佈與訓練樣本進行比較,完成對檢測樣本的自動分類識別。 -
Analysis shows that when summer precipitation in north china is richer ( less ), tropical east pacific ssta is colder ( warmer ) phase, and slp and 500hpa geo - potential height are negative ( positive ) anomaly over the asia, west pacific sub - high is northerner ( southerner ), and block high in mid - highs latitude happens less ( more ) than normal, east monsoon is stronger ( weaker )
分析表明華北夏季多(少)雨期,赤道中東太平洋ssta處于冷(暖)位相,在非洲大陸上slp利500hpa位勢高度均為負(正)異常,西北太平洋副高位置偏北(南) ,中緯度阻塞高壓發生頻率較低(高) ,東亞夏季風偏強(弱) 。 -
The figure of daily mean value in resent year showed : the medium term anomaly with impulse jumps appeared 11 months before the event, and the maximum of anomaly was 84 times of the normal rising rate ; the short term anomaly appeared 4 - 1 month before the event, and the maximum of anomaly was 274 times of normal mean fluctuation ; the imminent anomaly appeared 9 days before the event, and the maximum of anomaly was 2. 5 times of normal mean fluctuation
年日均值圖顯示,中期異常出現在震前11個月左右,表現為脈沖式向上突跳及階躍式上升,最大異常量為日均正常上升速率的84倍;中短期異常出現在震前4個月和1個月,最大異常量為正常日均波動值的274倍;臨震異常出現在震前的第9天,震前25小時達到最高值,最大異常量為正常日均波動值的2 . 5倍。 -
Simulation shows the study is a valuable reference for advancing exploration of real - time traffic anomaly detection. for non - stationary traffic, a general method is proposed based on a separation of the non - stationary traffic into disjoint components corresponding to normal and anomalous network conditions
通過計算隨機部分參數的邊緣分佈和殘差,從高維、非平穩流量中分離出包含異常的隨機部分,揭示了流量異常對隨機部分參數的影響。 -
Normal behavior and anomaly are distinguished on the basis of observed datum such as network flows and audit records of host. when a training sample set is unlabelled and unbalanced, attack detection is treated as outlier detection or density estimation of samples and one - class svm of hypersphere can be utilized to solve it. when a training sample set is labelled and unbalanced so that the class with small size will reach a much high error rate of classification, a weighted svm algorithm, i
針對訓練樣本是未標定的不均衡數據集的情況,把攻擊檢測問題視為一個孤立點發現或樣本密度估計問題,採用了超球面上的one - classsvm演算法來處理這類問題;針對有標定的不均衡數據集對于數目較少的那類樣本分類錯誤率較高的情況,引入了加權svm演算法-雙v - svm演算法來進行異常檢測;進一步,基於1998darpa入侵檢測評估數據源,把兩分類svm演算法推廣至多分類svm演算法,並做了多分類svm演算法性能比較實驗。 -
The results of trial indicate classification models constructed by this set of features can find an obvious threshold to distinguish between a normal network activity and an abnormal one. so the anomaly classification model offered in this thesis has better performance of detection
通過大量的實驗,表明應用我們所提出的基於網路連接記錄異常檢測分類模型的構建方法,能夠以較為明顯的閾值把正常網路活動與異常網路活動區分開,因此,本文提出的異常檢測分類模型具有較好的檢測性能。 -
It can show significant difference between normal flows and attack flows in the correlation, which offers a new method to analyze the correlation in anomaly detection. the second analysis method is multi - similarity analysis of network charact - eristics
通過主成分宏觀分析和微觀分析,該方法很好地分析了流量內部微觀的行為和關系,很好地區分了正常網路流和異常網路流在相關性上的不同,為異常發現提供了新的思路。 -
The consistently repeated system call sequences in normal process trace were regarded as macros, and then an anomaly detection model based on system call macros markov chain was created
把正常程序行為產生的系統調用跡中大量有規律的重復出現的系統調用短序列看成一個個獨立的基本單位(宏) ,並以宏為基本單位構建一個基於馬爾可夫鏈的異常入侵檢測模型。 -
Based on the mechanism of computer immune system, this paper presents a new anomaly detection technique to detect intrusion into computer system. in this technique, a markov chain model is used to represent a temporal profile of normal behavior of a process. the markov chain model of normal profile can be created by learning the historic data of the sequence of system calls produced by privileged processes running on unix system
傳統的入侵檢測技術,依照所基於的原則不同,通常分為誤用入侵檢測與異常入侵檢測,本文在入侵研究中所採用的計算機系統免疫思想的基礎上,提出了一種新的異常入侵檢測技術,通過對( unix系統)特權進程系統調用序列的歷史數據的學習,用馬爾可夫鏈模型來建立特權進程的正常時態行為輪廓。 -
Abstract network traffic anomaly refers to the status that traffic behaviors depart from the normal behaviors. many reasons, such as the misuse of network equipments, network operations anomaly, flash crowd, network intrusion and so on will cause network anomaly
網路流量異常指的是網路的流量行為偏離其正常行為的情形,引起網路流量異常的原因是多種多樣的,例如網路設備的不良運行、網路操作異常、突發訪問( flashcrowd ) 、網路入侵等。 -
These two - layer markov chains were used to construct the normal profiles of server process ' s activity, and then to detect anomaly
這些兩層的馬爾可夫鏈用於構建服務進程的正常行為輪廓和異常檢測。 -
Meanwhile, a major problem in anomaly detection is that system can issue false alarms when there are modifications in the normal system behavior ; therefore, we present an adaptive data - mining framework for anomaly detection. the normal profile can be updated at regular intervals, and as a result, false alarms are significantly reduced
同時,在異常檢測系統中,當用戶或系統行為的正常輪廓發生變化時,由於檢測所需的規則庫不能及時的更新,容易造成將用戶或系統的正常行為誤報為入侵的情況,因此,文中介紹了一個構造自適應系統的方法,通過這種方法,規則庫可以自動的更新,並可以有效的減少誤報。
分享友人