Abstract
Network intrusion detection, an important step in identifying attacks or abnormal behavior to protect network security, is often combined with data mining or machine learning techniques. With the explosive growth of network data, traditional intrusion detection techniques face the problem of detecting and processing massive amounts of data, and existing intrusion detection systems often struggle to meet real-time and effectiveness requirements at the same time. This paper introduces the concept of extension distance from Extenics into network intrusion detection research and proposes a feature transformation method based on extension distance. The method maps the original features of each data point into two parts, the out-of-cluster center distance and the in-cluster extension distance, generating new features from the multidimensional features of the original data to achieve feature dimensionality reduction, with the aim of satisfying both the real-time and the effectiveness requirements of a network intrusion detection system. The KDD CUP 99 data set is used as the simulation data set to test the proposed extension-distance-based method for feature transformation in network intrusion detection. The experimental results show that, compared with the traditional KNN algorithm, the extension-distance-based method clearly reduces detection time, while the decrease in detection rate can be kept within 1%, giving it a good timeliness advantage.
Source
《河南师范大学学报(自然科学版)》
CAS
PKU Core Journal
2017, Issue 5, pp. 101-107 (7 pages)
Journal of Henan Normal University (Natural Science Edition)
Funding
National Natural Science Foundation of China (61602162, 61440024, 61502155)
Hubei University of Technology Doctoral Research Start-up Fund Program (BSQD12029)
Keywords
network intrusion detection
feature transformation
Extenics
out-of-cluster center distance
in-cluster extension distance