面向不完备信息网络的集成神经网络入侵检测方法

Intrusion Detection with Incomplete Information Based on Ensemble Neural Network

常见的基于人工智能的入侵检测算法要求完备的训练数据,否则易因数据类别不均衡、特征不完备等原因导致无法有效识别入侵行为。针对网络信息的不完备,本文提出一种面向不完备信息的集成神经网络入侵检测方法(intrusion detection with incomplete information based on ensemble neural network,IDII-ENN),解决不完备信息条件下检测准确率低、训练时间长的难题。首先,针对不完备的数据进行优化处理,提出基于bootstrap的采样方法,在保证其特征稳定的情况下实现数据的完备化;然后,构建基于前馈神经网络的入侵检测分类模型,实现轻量级的入侵检测分类;最后,设计基于投票策略的集成学习融合方法,实现对入侵行为的精准识别。实验结果表明:IDII-ENN对数据特征的敏感度较低,准确率相较完全基于前馈神经网络的检测模型(simplified feed-forward intrusion detection,SFID)提高了1%;同时训练效率相较基于稀疏自编码器(sprarse auto-encoder,SAE)的特征提取方法提高了近1倍,满足入侵检测实时性的需求。

The common intrusion detection algorithm based on artificial intelligence requires complete training data,otherwise it is easy to be unable to effectively identify intrusion behavior due to unbalanced data categories,incomplete fea-tures and other reasons.Aiming at the incompleteness of network information,in this article we propose intrusion detection with incomplete information based on ensemble neural network(IDII-ENN),which solves the problems of low detection accuracy and long training time under the condition of incomplete information.Firstly,aiming at the incomplete data,wepropose a bootstrap based sampling method to complete the data under the condition of feature stability.Secondly,we con-struct an intrusion detection classification model based on feed-forward neural network to achieve lightweight intrusion de-tection classification.Finally,we design an ensemble learning fusion method based on voting strategies to achieve accurateidentification of intrusions.The experimental results show that the sensitivity of IDII-ENN to data features was low,and the accuracy was 1%higher than that of simplified feed-forward intrusion detection(SFID).At the same time,the training effi-ciency of the model was nearly doubled compared with sparse auto-encoder(SAE),which meets the demand of real-time intrusion detection.