Alarm fusion is an important stage of an intrusion detection system; however, different attack types have different data characteristics, so a uniform, undifferentiated processing method is bound to have shortcomings. This paper proposes an alarm fusion algorithm based on support vector data description, combined with the idea of simulated annealing, which selects the attributes and kernel parameters suited to each attack type, removes redundant features and avoids the effect of sample imbalance; through local detection, data fusion and final decision analysis it raises the alarm detection rate and lowers the missed-alarm rate. The proposed method is validated on the KDD99 data set.
Alarm fusion is an important part of an IDS. However, different attack types have different data characteristics, so an indiscriminate processing method must have some faults. This paper proposes an alarm fusion method based on Support Vector Data Description (SVDD) combined with the idea of Simulated Annealing (SA). It chooses the appropriate attributes and kernel parameters for each attack type and, at the same time, eliminates redundant features and avoids the influence of imbalanced samples. Through local detection, data fusion and final decision analysis, the model lowers false positives and improves the efficiency of intrusion detection. Finally, the method is verified on the KDD99 data sets.
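The abstract describes the pipeline only at a high level, so the following is an added example, not the paper's code: a toy SVDD (minimum enclosing hypersphere in RBF feature space, trained on normal records only, so attack samples never enter training and class imbalance cannot bias it) whose attribute subset and kernel width are chosen by simulated annealing against a small labelled validation set. The attribute names, the constructed records, the Frank-Wolfe solver for the SVDD dual, the annealing schedule and the accuracy objective are all assumptions made for the demo; the paper's actual solver, objective and per-attack-type selection logic are not given on the page.

```python
# Added example (not from the paper): a toy SVDD alarm classifier whose attribute
# subset and RBF kernel width are picked by simulated annealing, trained on normal
# traffic only.  Data and attribute names below are constructed for the demo.
import math
import random

ATTRS = ("duration", "src_bytes", "count", "noise")   # hypothetical attribute names


def make_data(seed=7):
    """Constructed sample: normal records cluster near (0.2, 0.3, 0.2); a DoS-like
    attack type pushes 'count' to ~0.9; 'noise' is an uninformative attribute."""
    rng = random.Random(seed)

    def normal(jit):
        return (0.2 + rng.uniform(-jit, jit), 0.3 + rng.uniform(-jit, jit),
                0.2 + rng.uniform(-jit, jit), rng.random())

    train = [normal(0.05) for _ in range(40)]            # normal traffic only
    val = [(normal(0.02), "normal") for _ in range(10)]
    val += [((r[0], r[1], 0.9 + rng.uniform(-0.02, 0.02), r[3]), "attack")
            for r in (normal(0.02) for _ in range(10))]
    return train, val


def rbf(a, b, gamma, mask):
    """RBF kernel computed only over the selected attribute indices."""
    return math.exp(-gamma * sum((a[i] - b[i]) ** 2 for i in mask))


def train_svdd(data, gamma, mask, C=1.0, iters=150):
    """Solve the SVDD dual  min a^T K a  s.t. 0 <= a_i <= C, sum a_i = 1  with the
    Frank-Wolfe method (K_ii = 1 for the RBF kernel, so the linear term is constant).
    Returns a model tuple consumed by classify()."""
    n = len(data)
    K = [[rbf(data[i], data[j], gamma, mask) for j in range(n)] for i in range(n)]
    alpha = [1.0 / n] * n
    for t in range(iters):
        grad = [2 * sum(K[i][j] * alpha[j] for j in range(n)) for i in range(n)]
        # Linear minimisation over the capped simplex: fill the lowest-gradient
        # coordinates up to C until the total mass reaches 1.
        s, left = [0.0] * n, 1.0
        for i in sorted(range(n), key=grad.__getitem__):
            s[i] = min(C, left)
            left -= s[i]
            if left <= 0:
                break
        step = 2.0 / (t + 2)
        alpha = [(1 - step) * a + step * v for a, v in zip(alpha, s)]
    aKa = sum(alpha[i] * alpha[j] * K[i][j] for i in range(n) for j in range(n))
    dist = [K[i][i] - 2 * sum(alpha[j] * K[i][j] for j in range(n)) + aKa
            for i in range(n)]
    # Radius: farthest training point that is not a bounded (outlier) support vector.
    free = [d for d, a in zip(dist, alpha) if a < C - 1e-6]
    R2 = max(free) if free else max(dist)
    return (data, alpha, aKa, R2, gamma, mask)


def classify(model, x):
    """'normal' if x lies inside the SVDD hypersphere, otherwise 'attack'."""
    data, alpha, aKa, R2, gamma, mask = model
    d2 = 1.0 - 2 * sum(a * rbf(p, x, gamma, mask) for a, p in zip(alpha, data)) + aKa
    return "normal" if d2 <= R2 else "attack"


def score(train, val, mask, gamma):
    """Detection accuracy of an SVDD built with this attribute subset and kernel width."""
    model = train_svdd(train, gamma, mask)
    return sum(classify(model, x) == y for x, y in val) / len(val)


def anneal(train, val, n_attrs, steps=40, seed=1):
    """Simulated annealing over (attribute subset, gamma), maximising validation accuracy.
    Starts from all attributes and gamma=1; returns the best (mask, gamma) and its score."""
    rng = random.Random(seed)
    state = (tuple(range(n_attrs)), 1.0)
    cur = score(train, val, *state)
    best, best_score, temp = state, cur, 0.2
    for _ in range(steps):
        mask, gamma = state
        if rng.random() < 0.5:                       # toggle one attribute
            f = rng.randrange(n_attrs)
            cand = (tuple(sorted(set(mask) ^ {f})), gamma)
        else:                                        # halve or double the kernel width
            cand = (mask, gamma * rng.choice((0.5, 2.0)))
        if not cand[0]:
            continue                                 # keep at least one attribute
        s = score(train, val, *cand)
        # Always accept improvements; accept worse moves with the Boltzmann probability.
        if s >= cur or rng.random() < math.exp((s - cur) / temp):
            state, cur = cand, s
            if s > best_score:
                best, best_score = cand, s
        temp *= 0.9
    return best, best_score


def run_demo():
    train, val = make_data()
    (mask, gamma), acc = anneal(train, val, len(ATTRS))
    return [ATTRS[i] for i in mask], gamma, acc


if __name__ == "__main__":
    print(run_demo())
```

Because the sphere is fitted to normal records alone, a new attack type only has to change the validation set and rerun the search; the annealer then keeps the attributes that separate that type (here `count`) and tends to discard the uninformative one, which is the per-attack-type attribute and kernel selection the abstract describes. Lowering `C` below 1 lets a fraction of training records sit outside the sphere, which is how SVDD tolerates mislabelled or outlying normal traffic.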