Wireless Internet Technology (无线互联科技), 2024, Vol. 21, Issue 5: 122-128.

Host abnormal behavior detection based on K nearest neighbor algorithm

Huang Zhirui (黄智睿)¹, Xie Xianjie (谢显杰)¹, Yang Xiaodan (杨晓丹)²

Author information

  • 1. Kunming Metallurgy College, Kunming, Yunnan 650033
  • 2. Yunnan Normal University, Kunming, Yunnan 650092
Abstract

Intrusion detection based on host anomalies can identify whether a user's operations are abnormal and prompt the user to respond, helping to keep the system secure. To identify abnormal user operations quickly and efficiently, this paper proposes a host anomaly detection method based on the K-nearest neighbor algorithm. The method first uses a natural language processing algorithm to extract feature vectors, then applies principal component analysis to reduce their dimensionality. Next, the K-nearest neighbor algorithm learns the features of the host's normal and abnormal operations to build a detection model. Finally, the trained model is used to determine whether the host has abnormal operations. Experiments on the ADFA-LD data set of Australian Defense College verify that the proposed method performs well.
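The pipeline outlined in the abstract, as an added sketch that is not the paper's code. Assumptions: the abstract does not name its natural language processing algorithm, so bigram term frequencies over system-call traces stand in for it; the Detector class, k=3, two principal components, and the traces and labels are all constructed for illustration.

```python
import numpy as np
from collections import Counter

def ngrams(trace, n=2):
    """Count syscall n-grams in one space-separated trace (ADFA-LD style)."""
    calls = trace.split()
    return Counter(tuple(calls[i:i + n]) for i in range(len(calls) - n + 1))

def vectorize(traces, vocab):
    """Term-frequency matrix; n-grams unseen in training are ignored."""
    X = np.zeros((len(traces), len(vocab)))
    for row, trace in enumerate(traces):
        for gram, count in ngrams(trace).items():
            if gram in vocab:
                X[row, vocab[gram]] = count
        X[row] /= max(X[row].sum(), 1.0)
    return X

class Detector:  # hypothetical name, not from the paper
    def __init__(self, traces, labels, n_components=2, k=3):
        grams = sorted({g for t in traces for g in ngrams(t)})
        self.vocab = {g: i for i, g in enumerate(grams)}
        X = vectorize(traces, self.vocab)
        self.mean = X.mean(axis=0)
        # PCA: principal axes are the right singular vectors of the centered data.
        _, _, vt = np.linalg.svd(X - self.mean, full_matrices=False)
        self.axes = vt[:n_components].T
        self.Z = (X - self.mean) @ self.axes
        self.labels, self.k = np.array(labels), k

    def predict(self, trace):
        """Project the trace, then majority-vote over the k nearest training points."""
        z = (vectorize([trace], self.vocab) - self.mean) @ self.axes
        nearest = np.argsort(np.linalg.norm(self.Z - z, axis=1))[:self.k]
        return Counter(self.labels[nearest].tolist()).most_common(1)[0][0]

# Constructed traces: integers stand in for syscall numbers; labels are made up.
TRAIN = [
    ("3 4 5 3 4 5 6 3 4 5", "normal"),
    ("3 4 5 6 3 4 5 3 4 6", "normal"),
    ("4 5 3 4 5 6 3 4 5 3", "normal"),
    ("11 45 33 11 45 192 11 45", "attack"),
    ("45 33 11 45 192 33 11 45", "attack"),
    ("11 45 192 11 45 33 11 192", "attack"),
]
detector = Detector([t for t, _ in TRAIN], [l for _, l in TRAIN])
```

Because n-grams absent from the training vocabulary are dropped, a trace made entirely of unseen call sequences collapses to the zero vector, so a deployed detector should flag low vocabulary coverage separately rather than trust the vote.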

Key words

cyberspace security/machine learning/host abnormal behavior detection/K nearest neighbor algorithm/natural language processing

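Funding

Kunming Metallurgy College Research Fund (2023xjy03)

Publication year

2024

Wireless Internet Technology (无线互联科技)
Jiangsu Provincial Institute of Scientific and Technical Information (江苏省科学技术情报研究所)

Impact factor: 0.263
ISSN: 1672-6944
Number of references: 15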