摘要
入侵检测对于网络安全至关重要,不平衡或易混淆的训练样本往往导致传统入侵检测算法效率不佳。为此,提出一种小样本纠错的多层检测分类模型。首先,通过正交投影降维分类算法,使用入侵检测数据集的训练集构建第一层的初筛分类器,将待测样本粗分为三类;然后基于支持向量机及随机森林算法构造第二层和第三层的级联分类器组,每层逐步纠错前面层,并细分至五类;最后,用开源入侵检测评测数据集NSL-KDD进行实验。实验结果表明,本文的方法显著提高了对于拒绝服务攻击(Denial of Service,DoS)、探测攻击(Probe)、未经授权的远程访问(Remote to Local,R2L)类攻击样本的准确率,整体召回率及准确率优于同类研究。
Intrusion detection is very important for network security.Traditional intrusion detection algorithms are often affected by biased training samples and misleading characteristics of attack behaviors.Therefore,a selfcorrection small sample classifier for intrusion detection is proposed.First,an orthogonal projection classification method roughly divides training data set into three groups.Then,based on support vector machine and random forest algorithm,sub-classifiers are constructed layer by layer to refine the results iteratively.Finally,by combining results of all sub-classifiers,a classifier for the NSL-KDD data set is constructed.Experimental results show that the proposed classifier surpasses its competitors in the detection accuracy of Do S(Denial of Service),Probe and R2 L(Remote to Local).The overall recall and accuracy rates are better than others.
作者
滕少华
陈成
霍颖翔
Teng Shao-hua;Chen Cheng;Huo Ying-xiang(School of Computers,Guangdong University of Technology,Guangzhou 510006,China)
出处
《广东工业大学学报》
CAS
2020年第3期9-16,共8页
Journal of Guangdong University of Technology
基金
国家自然科学基金资助项目(61972102)
广东省教育厅资助项目(粤教高函〔2018〕179号,粤教高函〔2018〕1号)
广州市科技计划项目(201903010107,201802030011,201802010026,201802010042,201604046017)。
关键词
入侵检测
降维分类
纠错
不平衡数据集
intrusion detection
dimension reduction
self-correction
biased dataset