mass detection meaning in English
质量检测 ("quality inspection")
Examples
- The IDS works in two ways, misuse detection and anomaly detection. Misuse detection flags an intrusion based on an intrusion signature; this kind of detection technique can be realized much more easily and is much more accurate, but it cannot find some intrusions that have been disguised or new kinds of intrusion. Anomaly detection can detect over a wider field: it can compare new statistical data with the average record, and then anomalous records will be found. But it is more difficult to set a threshold: if the threshold is too big, some intrusions may be let through; if the threshold is too small, the IDS will give more false positive alarms; and the threshold will differ with different people or different periods. So the IDS simply shows us its suspicious records, and the administrator or expert is responsible for analyzing these records and drawing a conclusion. The IDS gives more alarms than it should and leaves us more detection records to analyze, and this is hard work. We cannot tell whether something is an intrusion if we analyze only one record, but we can judge if we find the relations among mass detection evidence. In this article, we try to distinguish an intrusion using D-S theory (proof theory) instead of manual work; the IDS will be more helpful and efficient.
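Misuse detection uses signature-based detection; it is relatively simple to implement and fairly accurate, but it cannot identify intrusions that have been disguised or that are not yet included in the signature database. Anomaly detection can identify abnormal conditions from the average values of previously recorded features, but the threshold at which an anomaly should be treated as an intrusion is very hard to determine: if the threshold is set too high, real intrusions may slip through, and if it is set too low, the false alarm rate rises. The threshold also varies from person to person and over time. Current intrusion detection systems therefore display these anomalous records in some form or notify the administrators, leaving the judgment to them. For the records that an IDS finds hard to judge, observing each piece of evidence on its own may not show whether it is an intrusion, but by correlating many successive pieces of evidence, experts or administrators can judge the legitimacy of an access from experience. This paper attempts to introduce the reasoning strategy of evidence theory from artificial intelligence, together with learning from examples, in place of manual inspection and analysis. This can improve efficiency, lower the false alarm rate, and allow real-time detection of a suspicious access in progress, judging promptly through search and blocking illegal access in time, which is more meaningful than manual handling after the fact.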