Fig 1. Detection Rate vs False PositiveFig.1 中 NPE, 和 Kernel NPE 将 182 维数的向量, 降维至 30 维.
Kernel NPE 做再用KNN ,明显提高了Detection Rate while False Positive is kept smaller than others.
从matlab 程序运行时间来说:
KNPE: 4.343750e+000 sec (182 dims -> 30 dims, then KNN)
NPE: 4.062500e+000 sec (182 dims -> 30 dims, then KNN)
BWC_KNN: 1.592188e+001 sec (182 dims , 处理时间主要集中在kernel上了)
KNN: 4.562500e+000 sec (182 dims)
Conclusion: KNPE is reasonable approach, when used in intrusion detection, at least in system call detection. It also could be extended later.
至于Kernel LPP, 如果选用:
%options.Regu = 0;
options.Regu = 1;
options.ReguAlpha = 0.01;
即在SVD的处理中,用regularization factor 来处理, 提高了性能. Why? Need to take deeper insight on it.
至于semi-supervised NPE 可以借鉴 Prof. DaoQiang Zhang 的文章"semi-supervised dimension reduction"
Cn 表示 can't not link, Cm 表示 must link, Cw 表示C-Cn-Cm, 在Cn , Cm 和 Cw中以 LLE的目标函数为准.
使目标函数 (Cn - Cm)/Cw 最大化.
没有评论:
发表评论