Information Technology Reference
In-Depth Information
Definition 3. Normal Degree
Let
AN
represents the normal behavior sample set in IDS database. Then we define
the similarity between
X
and
AN
as
S
X
AN
, called the normal degree of the behavior
vector
X
. See formula (5).
S
X
AN
(5)
=
Sim
(
X
,
AN
)
=
max{
Sim
(
X
,
AN
),
AN
∈
AN
,
j
=
0
L
,
m
}
j
j
Definition 4: Abnormal Degree
Let
AI
presents the abnormal behavior sample set in IDS database. Then we define the
similarity between
X
and
AI
as
X
AI
S
, called the abnormal degree of the behavior vec-
tor
X
. See formula (6).
S
AI
(6)
=
Sim
(
X
,
AI
)
=
max{
Sim
(
X
,
AI
),
AI
∈
AI
,
j
=
0
L
,
m
}
j
j
Definition 5: Intrusion Probability
Taking both the normal degree and the abnormal degree of
X
into consider, we de-
fine the intrusion probability of
X
as
P
(
X
,
AN
,
AI
)
. It can be calculated by means
of formula (7).
S
X
AI
P
(
X
,
AN
,
AI
)
=
,
(
β
≥
0
(7)
X
AI
X
AN
S
+
β
•
S
In formula 7,
β
is the contribution coefficient of the normal degree of
X
to the intrusion
probability
β
. The value of
is not less than 0.
P
(
X
,
AN
,
AI
)
5 The Dimension Reduction Method of Behavior Samples
5.1 Mapping to 2-Dimension Points
According to formula (3) and formula (4), every network behavior
X
can be respec-
tively result in a normal degree
A
S
,
then,
X
can be mapped into a binary tuples <
u
,
v
>. Regard
u
as the longitudinal co-
ordinates, and
v
as the abscissa, then (
u
,
v
) is a point in a 2-dimensional plane.
Taked notice of
S
X
AN
and anomaly degree
X
AI
. If let
u
=
A
S
v
=
X
S
X
∈
v
, a network behavior will be mapped into a point
within the rectangle region from (0,0) to (1,1). This mapping is illustrated in Figure 4.
Point (
u
1
,
v
1
) and (
u
2
,
v
2
) respectively represent the behavior vector
and
u
∈
[
0
[
0
X
and
X
.
2
Search WWH ::
Custom Search