摘要
针对软件定义网络中入侵数据流特征差异性较大以及随机森林算法应用于入侵检测的适用性等问题,提出一种基于改进随机森林算法的入侵检测模型,依据Fisher比分析入侵数据特征差异性,按它们所对应的不同取值进行特征分区;引入加权的投票方法,以增加分类性能较好的决策树的权重;以最大信息增益率为标准进行节点分裂;改进网格搜索算法,使其对随机森林参数优化的效果得到进一步提高。通过实验分析,在模型的准确率、F1值、AUC值等评估指标上都有明显提升,验证了改进算法的有效性。
In view of the large differences in the characteristics of intrusion data streams in software-defined networks and the applicability of the random forest algorithm in intrusion detection,this paper proposes an intrusion detection model based on an improved random forest algorithm.We analyzed the differences in the characteristics of intrusion data based on the Fisher ratio,and conducted feature partitioning according to their corresponding values.A weighted voting method was introduced to increase the weight of the decision tree with better classification performance.The node was split based on the maximum information gain rate.The grid search algorithm was improved to further improve the effect of random forest parameter optimization.Through experimental analysis,the accuracy,F1 value,AUC value and other evaluation indicators of this model is significantly improved,which verifies the effectiveness of the improved algorithm.
作者
马群
胡佳卉
于雅静
Ma Qun;Hu Jiahui;Yu Yajing(China Mobile Communication Design Institute Limited Hebei Branch,Shijiazhuang 050000,Hebei,China;Intelligent Network&Innovation Center of China Unicom,Beijing 100000,China)
出处
《计算机应用与软件》
北大核心
2024年第11期379-385,共7页
Computer Applications and Software
关键词
软件定义网络
随机森林算法
入侵检测
FISHER准则
网格搜索算法
Software-defined network(SDN)
Random forest algorithm
Intrusion detection
Fisher criterion
Grid search algorithm
