Abstract
Intrusion Detection Systems (IDS) have become an essential part of network security architecture. Measured against modern network security requirements, the practicability and durability of existing intrusion detection methods still leave room for improvement, mainly in detecting intrusion threats earlier and in improving the detection accuracy of intrusion detection systems. To address this, an intrusion detection method based on Ensemble Transfer Learning (ETL) weighted by mutual information is proposed. First, a transfer strategy is used to model multiple feature sets. Then, mutual information is used to measure the data distribution of the feature sets across different domains under the transfer models. Finally, the multiple transfer models are combined in a weighted ensemble according to these measures, yielding the ensemble transfer model. By learning from a small number of labeled samples in the new environment and a large number of labeled samples from the prior environment, the method can build an intrusion detection model that performs better than traditional models that use neither ensemble nor transfer learning. The method was evaluated on the benchmark NSL-KDD dataset, and the experimental results show that it has good convergence performance and improves the accuracy of intrusion detection.
Authors
胡健
苏永东
黄文载
肖鹏
刘玉婷
杨本富
HU Jian; SU Yongdong; HUANG Wenzai; XIAO Peng; LIU Yuting; YANG Benfu (Information Center, Yunnan Power Grid Company Limited, Kunming, Yunnan 650217, China; Yunnan Yundian Tongfang Technology Company Limited, Kunming, Yunnan 650217, China)
Source
Journal of Computer Applications (《计算机应用》)
CSCD
Peking University Core Journals (北大核心)
2019, Issue 11, pp. 3310-3315 (6 pages)
Keywords
intrusion detection
transfer learning
mutual information
ensemble learning
weighted ensemble