Abstract
To address the low detection rate of intrusion detection systems (IDS) for User-to-Root (U2R) attacks, this paper proposes an attack detection model that combines an improved artificial bee colony (ABC) algorithm with an optimized random forest (RF) algorithm. The model first improves the initialization method and search strategy of the traditional ABC algorithm and optimizes the way the traditional RF algorithm ranks feature importance scores, then combines the two improved algorithms to detect U2R attacks. Experiments on the NSL-KDD dataset show that the resulting attack detection model (RF-IABC) accurately extracts the optimal feature set for the attack type, classifies and predicts attack data, and effectively improves the IDS detection rate for U2R attacks.
Authors
ZHAI Jiqiang; XIAO Yajun; YANG Hailu; WANG Jian (School of Computer Science and Technology, Harbin University of Science and Technology, Harbin, Heilongjiang 150080, China)
Source
Netinfo Security (《信息网络安全》)
Indexed in: CSCD; Peking University Core Journals (北大核心)
2018, Issue 12, pp. 38-45 (8 pages)
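Funding
National Natural Science Foundation of China [61403109]
Natural Science Foundation of Heilongjiang Province [F2016024]
Heilongjiang Provincial Department of Education, Science and Technology General Project [12531121]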