
Intrusion detection based on multiple layer extreme learning machine

Cited by: 18
Abstract: To address the problems that arise when neural networks are applied to intrusion detection, namely high dimensionality, large data volume, the difficulty of obtaining labeled samples, and the difficulty of feature construction and training, this paper proposes an intrusion detection method based on the Multiple Layer Extreme Learning Machine (ML-ELM). First, the highest-level abstract features of the detection samples are extracted using a multi-layer network structure and a deep learning method, and the intrusion detection data are represented by singular values. Second, the Extreme Learning Machine (ELM) is used to build the classification model for the intrusion detection data. Then, the difficulty of obtaining labeled samples is addressed by layer-by-layer unsupervised learning. Finally, the KDD 99 dataset is used to test the performance of ML-ELM. The experimental results show that the proposed model improves detection accuracy, with a false negative rate as low as 0.48%, and that detection is more than 6 times faster than with other deep-model detection methods. Moreover, detection accuracy remains above 85% even with very few labeled samples. Constructing the multi-layer network structure improves the detection rates for U2L and R2L attacks. The method combines the advantages of deep learning and unsupervised learning: it represents high-dimensional, large-scale network records well using fewer parameters, and it has advantages in both detection speed and feature representation.
Source: Journal of Computer Applications (《计算机应用》), indexed in CSCD and the Peking University Core Journals list, 2015, No. 9, pp. 2513-2518 (6 pages)
Funding: National Natural Science Foundation of China (60773013)
Keywords: intrusion detection; high dimension; big data; labeled sample; feature expression; training; Multiple Layer Extreme Learning Machine (ML-ELM)