摘要
在网络骨干链路的高速、大数据量环境下,相对于正常数据,攻击及异常数据相对较少,进行实时入侵检测难度大。针对此问题,提出了一种基于改进非广延熵特征提取和双随机森林的实时入侵检测方法。利用非广延熵,提取出流量属性取值分布的多维特征,通过对非广延熵的改进来降低特征间的相关性。使用完整的特征样本集建立第一个随机森林检测模型,使用包含攻击数据的特征样本子集建立第二个随机森林检测模型,通过双随机森林检测算法实现对少量异常的有效检测。实验结果表明,该方法能够在有限流量信息的基础上获得较高的检测精确率和召回率,其时间和空间复杂度适当,适合于对骨干链路的实时入侵检测。
This paper proposed an intrusion detection method that can be used in high speed network backbone. Based on non-extensive entropy with different parameters, the original distribution of the values of attributes was decomposed to high dimensional features. Using these detailed features, the detection model based on random forest was construe- ted. For the purpose of increasing detection accuracy and recall further, the second random forest detection model was constructed with the attack instances only. The experimental results suggest that proposed intrusion detection method can achieve competitive detection precision with a high recall.
出处
《计算机科学》
CSCD
北大核心
2013年第12期192-196,218,共6页
Computer Science
基金
信息保障技术重点实验室开放基金(KJ-12-04)资助
关键词
网络流量
入侵检测
非广延熵
随机森林
Network traffic, Intrusion detection, Non-extensive entropy, Random forest
