摘要
入侵检测数据维数大、数据样本不均衡、数据集分散性大的问题严重影响分类性能,为了解决该问题,文章提出基于极限随机树的特征递归消除(Extra Trees-Recursive Feature Elimination,ET-RFE)和LightGBM(LGBM)的入侵检测方法。首先对网络数据进行独热编码重构,在数据级层面均衡少量样本的攻击类别;其次,使用基于ET-RFE对流量特征进行降维处理,寻找含有信息量最大的最优特征子集;最后,将得到的最优特征子集作为LGBM输入数据集进行分类训练,并利用贝叶斯算法对LGBM参数进行优化。实验采用真实的网络流量数据集UNSW-NB15,通过与随机森林(RF)、XGboost算法和GALR-DT算法比较可得,文章所提方法能够有效提高检测率,并对小样本攻击类型实现有效的召回率。
The classification performance is seriously affected by the problems of large data dimension,unbalanced data sample and large dispersion of intrusion detection dataset.This paper proposed an intrusion detection method based on extra trees(ET)-recursive feature elimination(ET-RFE)and LightGBM(LGBM).Firstly,the network data was reconstructed by the one-hot encoding,and the attack class of a small number of samples was balanced in the data level.Secondly,ET-RFE based on ET was used for feature selection and dimension reduction of traffic features to find the optimal feature subset with the largest information.Finally,the obtained optimal feature subset was used as the LGBM input data set for classification training,and the Bayesian algorithm was used to optimize the LGBM parameters.In the real network traffic dataset UNSW-NB15,compared with the random forest(RF),XGboost algorithm and GALR-DT,the results show that the proposed method can effectively improve the detection rate,and achieve an effective recall rate for small sample attack types.
作者
何红艳
黄国言
张炳
贾大苗
HE Hongyan;HUANG Guoyan;ZHANG Bing;JIA Damiao(Department of Information Science and Engineering,Yanshan University,Qinhuangdao 066001,China;Hebei Key Laboratory of Software Engineering,Qinhuangdao 066001,China)
出处
《信息网络安全》
CSCD
北大核心
2022年第1期64-71,共8页
Netinfo Security
基金
国家自然科学基金[61772449,61807028,61802332]
河北省自然科学基金[F2019203120]
博士后科研择优资助项目[B2017003005]。
