Journal of Guangdong University of Technology ›› 2020, Vol. 37 ›› Issue (03): 9-16. doi: 10.12052/gdutxb.200036


A Multi-Fold Self-Correction Small-Sample Classifier for Intrusion Detection

Teng Shao-hua, Chen Cheng, Huo Ying-xiang

  1. School of Computers, Guangdong University of Technology, Guangzhou 510006, China
  • Received: 2020-02-27 Online: 2020-05-12 Published: 2020-05-12
  • Corresponding author: Huo Ying-xiang (1989-), male, master's student, whose main research interest is signal processing. E-mail: yingxiang.huo@gmail.com
  • About the author: Teng Shao-hua (1962-), male, professor, whose main research interests are data mining, network security, collaborative computing, and big data
  • Funding:
    National Natural Science Foundation of China (61972102); Department of Education of Guangdong Province projects (Yue Jiao Gao Han [2018] No. 179, Yue Jiao Gao Han [2018] No. 1); Guangzhou Science and Technology Program projects (201903010107, 201802030011, 201802010026, 201802010042, 201604046017)

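Abstract: Intrusion detection is vital to network security, yet imbalanced or easily confused training samples often make traditional intrusion detection algorithms perform poorly. To address this, a multi-layer detection and classification model with small-sample error correction is proposed. First, using the orthogonal-projection dimension-reduction classification algorithm, the training set of an intrusion detection data set is used to build a first-layer preliminary screening classifier that coarsely divides the samples under test into three classes. Then, cascaded classifier groups for the second and third layers are constructed on the basis of the support vector machine and random forest algorithms; each layer progressively corrects the errors of the preceding layers and refines the result into five classes. Finally, experiments are carried out on the open-source intrusion detection evaluation data set NSL-KDD. The experimental results show that the proposed method significantly improves the accuracy on Denial of Service (DoS), probing (Probe) and unauthorized remote access (Remote to Local, R2L) attack samples, and that its overall recall and accuracy are better than those of comparable studies.

Keywords: intrusion detection, dimension-reduction classification, error correction, imbalanced dataset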

Abstract: Intrusion detection is very important for network security. Traditional intrusion detection algorithms are often affected by biased training samples and misleading characteristics of attack behaviors. Therefore, a self-correction small-sample classifier for intrusion detection is proposed. First, an orthogonal projection classification method roughly divides the training data set into three groups. Then, based on the support vector machine and random forest algorithms, sub-classifiers are constructed layer by layer to refine the results iteratively. Finally, by combining the results of all sub-classifiers, a classifier for the NSL-KDD data set is constructed. Experimental results show that the proposed classifier surpasses its competitors in the detection accuracy of DoS (Denial of Service), Probe and R2L (Remote to Local). The overall recall and accuracy rates are better than those of the others.

Key words: intrusion detection, dimension reduction, self-correction, biased dataset

CLC number: TP391