中文摘要：

针对异常检测具有较高的误报率的缺点,提出一种降低误报的算法。该算法基于入侵活动须依赖多种行为相互配合来完成的特点,对于出现异常行为的用户,在异常行为还不足以认定为入侵的情况下,为防止误报,通过分析用户在一段时间内的后续行为是否存在配合实施入侵的可能来综合推断用户是否为入侵者,从而达到降低误报的目的。

英文摘要：

Aimed at the shortcomings of anomaly detection for a high false positive rate,an algorithm is proposed to reduce false positives.This algorithm is based on the invasion of activities must rely on a variety of acts with each other to complete the characteristics of abnormal behavior for the user.When the abnormal behavior is not enough to confirm the case for the invasion,to prevent false positives,by analyzing the user within a period of time existence of an act with the implementation of follow-up to the invasion possible to infer the user whether a comprehensive intruders,the purpose of reducing false positives is realized.