
Study on GEP Rule Extraction Algorithm for Network Intrusion Detection

Cited by: 1
Abstract: Network intrusion detection based on machine learning suffers from a low detection rate for unknown attacks and from low detection efficiency caused by numerous, complex rules. To address these problems, a constraint-based gene expression programming (GEP) rule extraction algorithm (CGREA) is proposed. Intrusion detection rules are represented in the GEP model, and a constraint grammar is defined to constrain rule individuals so that the rules satisfy sufficiency and closure. CGREA restricts the proportions in which the various kinds of symbols are randomly selected for the gene head of a GEP rule, and uses an elitist strategy to guarantee convergence. The intrusion detection rules extracted by CGREA were evaluated on the KDD CUP'99 data set: the overall attack detection rate was 91.36%, and the detection rates for three kinds of unknown attacks exceeded 88%. The results show that CGREA can extract simple and effective rules with a small population and a limited number of generations, and that the unknown-attack detection rate and the efficiency of rule generation and detection are improved.
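Source: Computer Science (《计算机科学》), CSCD, Peking University Core Journal, 2009, Issue 11, pp. 79-82 (4 pages)
Funding: National Key Basic Research Program of China (2004CB318203); National Natural Science Foundation of China (60603008); Natural Science Foundation of Hubei Province (BZY07008)
Keywords: Network intrusion detection, GEP (gene expression programming), Rule extraction, Constraint grammar, Elitist strategy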