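What does "false anomaly" mean in Chinese?

Explanation of false anomaly
假異常 ("false anomaly")
  • false : adj. (opp. true) 1. untrue, fake, fabricated; lying, dishonest; mistaken. 2. improper, illegal. 3. counterfeit; ...
  • anomaly : n. 1. irregularity, abnormal phenomenon, anomaly, exception. 2. a malformed thing.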
  1. The essence of EDID is to build a fuzzy subset A of normal behavior from the monitored normal system calls of privileged processes, build a fuzzy subset B from the system call sequence observed in real time, and then detect intrusions using the minimum-distance principle from fuzzy recognition. The innovations of this paper are: by studying the system calls and parameter sequences of privileged processes, it proposes EDID, an intrusion detection method based on Euclidean distance, which not only effectively reduces the false negative rate and false positive rate but also makes real-time intrusion detection possible; it has an independent and complete feature database, with normal behavior, anomalous behavior and so on designed separately according to the class of the monitored program, which improves the robustness and scalability of the detection system; the feature database is stored as a tree structure, which greatly saves storage space; during detection it applies a frequency-first principle, analyzing and handling the high-frequency behavior features in the information table first, which raises the speed and efficiency of detection and makes real-time intrusion detection possible; and it implements both anomaly intrusion detection and misuse intrusion detection, making up for the shortcomings of a single detection method.
  2. NAIDS is the first anomaly detection system based on data mining, the first intrusion detection system to lower the false positive rate by means of a classification engine, and the first intrusion detection system to propose sliding-window techniques for incremental, online mining.
  3. An IDS works in two ways: misuse detection and anomaly detection. Misuse detection flags an intrusion by matching intrusion signatures; it is easier to implement and more accurate, but it cannot find intrusions that have been disguised or new kinds of intrusion not yet in the signature database. Anomaly detection covers a wider field: it compares new statistics with the averages of past records to find anomalous records. However, it is hard to set the threshold at which an anomaly counts as an intrusion: if the threshold is too high, some real intrusions may get through, and if it is too low, the IDS raises more false positive alarms; the threshold also differs from person to person and from period to period. Current IDSs therefore simply display these suspicious records or notify the administrator, and it is the administrator's or expert's duty to analyze them and reach a conclusion. The IDS raises more alarms than it should and leaves many detection records to analyze, which is hard work. From a single record we often cannot tell whether it is an intrusion, but we can judge once we find the relations among a mass of detection evidence. In this article we try to distinguish intrusions using the reasoning strategy of D-S theory (evidence theory) and learning from examples in place of manual analysis, which improves efficiency, lowers the false alarm rate, and allows a suspicious access in progress to be detected in real time and blocked promptly, which is more useful than manual handling after the fact.
  4. Abstract: According to the different rock density and magnetism of different types of magmatite, and through separation, continuation, derivation and false color encoding of gravity and magnetic anomalies together with composite processing of their feature information, the Qinling orogenic belt is divided into two belts and seven group sections, based on the position of the magmatite belts reflected by gravity and magnetic anomalies within the tectonic units, the characteristics of the magma series, and their time-space relationship with the ore belts.
  5. Meanwhile, a major problem in anomaly detection is that the system can issue false alarms when the normal profile of user or system behavior changes, because the rule base needed for detection is not updated in time, so normal behavior is easily misreported as an intrusion. We therefore present an adaptive data-mining framework for anomaly detection: the normal profile (rule base) is updated automatically at regular intervals, and as a result false alarms are significantly reduced.