摘要
针对现有网络入侵检测方法在识别稀有攻击时检测率低的问题,提出了一种基于联合攻击分类器的入侵检测方法。通过分离数据集获得普通攻击集和稀有攻击集,再基于所获得的子集分别训练攻击分类器来消除普通攻击模式对稀有攻击模式的影响。采用NSL-KDD数据集对该方法进行评估。实验结果表明,此联合攻击分类器在不影响普通攻击检测率的同时,提高了稀有攻击的检测率。
Aiming at the low detection rate of existing networks intrusion detection approaches in recognizing rare attacks. A joint attack classifier is designed for solving the problem. First, original dataset is split into common attack set and rare attack set. Then, those sets are used to train attack classifiers with the purpose of eliminating the influence of common attack patterns on rare attack patterns. The approach has been evaluated by using NSL-KDD dataset and the experimental results show it can gain higher detection rate for rare attacks without influence on common attacks, compared with the results in other existing research works.
作者
沈荔萍
钱俊彦
翟仲毅
SHEN Liping;QIAN Junyan;ZHAI Zhongyi(School of Computer Science and Information Security,Guilin University of Electronic Technology,Guilin 541004,China)
出处
《桂林电子科技大学学报》
2021年第5期387-392,共6页
Journal of Guilin University of Electronic Technology
基金
国家自然科学基金(61562015,61862016)
广西自然科学基金(2017GXNSFAA198283,2018GXNSFDA138003)
桂林电子科技大学研究生创新计划(2017YJCX51)。
关键词
网络入侵检测
稀有攻击
联合攻击分类器
检测率
network intrusion detection
rare attack
joint attack classifier
detection rate
