Abstract
In the era of big data, intrusion detection is widely used as an important network security technique. Different feature attributes of network intrusion detection data have different dimensions and units. To eliminate the influence of these dimensions between feature attributes, the data is usually normalized before analysis. Most current normalization of network intrusion detection data considers only the distribution of the attribute values themselves, without objectively evaluating their influence on the class information or on other feature attributes. To address this problem, this paper proposes an information-theoretic method for normalizing network intrusion detection data. For continuous feature attributes, joint information gain is used to evaluate interval splits, and normalization is done according to the class proportion of each interval. For discrete feature attributes, normalization is done according to the proportion of the class-conditional entropy. Simulation experiments on the NSL-KDD dataset show that the method not only improves the convergence of learning algorithms, but that the normalized results also help improve the detection rate and reduce the false alarm rate of the classification model.
Authors
宋勇
蔡志平
SONG Yong; CAI Zhiping (Department of Engineering Technology, Hunan Vocational College for Nationalities, Yueyang 414000, Hunan, China; College of Computer, National University of Defense Technology, Changsha 410073, Hunan, China)
Source
《武汉大学学报(理学版)》
CAS
CSCD
Peking University Core Journal
2018, Issue 2, pp. 121-126 (6 pages)
Journal of Wuhan University:Natural Science Edition
Funding
National Natural Science Foundation of China (601379145)
Keywords
normalization
intrusion detection
joint information gain
information theory