摘要
入侵检测是网络安全领域中具有挑战性和重要性的任务。现有研究以增加时间消耗和误报率为代价,重点关注如何提高检测率,在实际应用中代价较大。为此,本文提出了一种使用双层异质学习器集成学习策略的入侵检测IDHEL模型。该模型使用概率核主成分分析方法降低数据维度,采用多个异质分类器通过分层十折交叉验证策略进行异常检测,并根据所提出的分类器评估算法筛选出在相关数据上表现最佳的三种分类器,基于概率加权投票的多分类器集成算法进行入侵检测。实验结果表明IDHEL模型在准确率、错误率和时间消耗方面均优于现有主流入侵检测模型。
Intrusion detection is a challenging and important task.Nowadays,researchers proposed many intrusion detection models and technologies.However,existing research focused on how to increase detection rate at the cost of increasing time consumption and false positive rate,which is costly in practical application.In this paper,we propose a novel intrusion detection model using double-layer heterogeneous ensemble learner strategy(IDHEL).This model first uses probabilistic kernel principal component analysis to efficiently reduce the data dimension,in order to reduce the computational overhead.Then,multiple heterogeneous classifiers are adopted for anomaly detection by a layered ten-fold cross validation strategy.Finally,IDHEL chooses the best three classifiers based on probability-weighted voting for intrusion detection.We compare the IDHEL model with existing algorithms,and the experimental results have shown that the IDHEL model is superior to other models in terms of accuracy,False Positive Rate(FPR)and time consumption.
作者
凌玥
刘玉岭
姜波
李宁
卢志刚
刘宝旭
LING Yue;LIU Yuling;JIANG Bo;LI Ning;LU Zhigang;LIU Baoxu(Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China;School of Cyber Security,University of Chinese Academy of Sciences,Beijing 100049,China)
出处
《信息安全学报》
CSCD
2021年第3期16-28,共13页
Journal of Cyber Security
基金
中国自然科学基金(No.61702508,No.61802404)
国家重点研发计划课题(No.2016YFF0204002,No.2016YFF0204003)
“十三五”装备预研领域基金(No.6140002020115)的支持
中国科学院网络评估技术重点实验室和北京市网络安全与保护技术重点实验室的部分支持。
关键词
入侵检测
异质学习器集成
概率核主成分分析
分类器评估
概率加权投票
intrusion detection
heterogeneous classifiers ensemble
probabilistic kernel principal component analysis
classifier evaluation
probability weighted voting
