An intrusion detection system collects and analyzes information from different areas within a computer or a network to identify possible security threats that include threats from both outside as well as inside of the...An intrusion detection system collects and analyzes information from different areas within a computer or a network to identify possible security threats that include threats from both outside as well as inside of the organization. It deals with large amount of data, which contains various ir-relevant and redundant features and results in increased processing time and low detection rate. Therefore, feature selection should be treated as an indispensable pre-processing step to improve the overall system performance significantly while mining on huge datasets. In this context, in this paper, we focus on a two-step approach of feature selection based on Random Forest. The first step selects the features with higher variable importance score and guides the initialization of search process for the second step whose outputs the final feature subset for classification and in-terpretation. The effectiveness of this algorithm is demonstrated on KDD’99 intrusion detection datasets, which are based on DARPA 98 dataset, provides labeled data for researchers working in the field of intrusion detection. The important deficiency in the KDD’99 data set is the huge number of redundant records as observed earlier. Therefore, we have derived a data set RRE-KDD by eliminating redundant record from KDD’99 train and test dataset, so the classifiers and feature selection method will not be biased towards more frequent records. This RRE-KDD consists of both KDD99Train+ and KDD99Test+ dataset for training and testing purposes, respectively. The experimental results show that the Random Forest based proposed approach can select most im-portant and relevant features useful for classification, which, in turn, reduces not only the number of input features and time but also increases the classification accuracy.展开更多
In recent years,machine learning technology has been widely used for timely network attack detection and classification.However,due to the large number of network traffic and the complex and variable nature of malicio...In recent years,machine learning technology has been widely used for timely network attack detection and classification.However,due to the large number of network traffic and the complex and variable nature of malicious attacks,many challenges have arisen in the field of network intrusion detection.Aiming at the problem that massive and high-dimensional data in cloud computing networks will have a negative impact on anomaly detection,this paper proposes a Bi-LSTM method based on attention mechanism,which learns by transmitting IDS data to multiple hidden layers.Abstract information and high-dimensional feature representation in network data messages are used to improve the accuracy of intrusion detection.In the experiment,we use the public data set KDD-Cup 99 for verification.The experimental results show that the model can effectively detect unpredictable malicious behaviors under the current network environment,improve detection accuracy and reduce false positive rate compared with traditional intrusion detection methods.展开更多
为了减少分布式拒绝服务攻击(DDoS),将蚂蚱优化算法(GOA)与机器学习算法结合使用,通过创建入侵检测系统(IDS)来满足监控环境的要求,并能够区分正常和攻击流量。所设计的基于GOA的IDS技术(GOIDS)能够从原始IDS数据集中选择最相关的特征...为了减少分布式拒绝服务攻击(DDoS),将蚂蚱优化算法(GOA)与机器学习算法结合使用,通过创建入侵检测系统(IDS)来满足监控环境的要求,并能够区分正常和攻击流量。所设计的基于GOA的IDS技术(GOIDS)能够从原始IDS数据集中选择最相关的特征来帮助区分典型的低速DDoS攻击,然后将选择的特征传递给支持向量机(SVM)、决策树(DT)、朴素贝叶斯(NB)和多层感知器(MLP)等分类器来识别攻击类型。利用KDD Cup 99和CIC-IDS 2017公开数据集作为实验数据,仿真结果表明,基于决策树的GOIDS具有较高的检测率和较低的假阳性率。展开更多
文摘An intrusion detection system collects and analyzes information from different areas within a computer or a network to identify possible security threats that include threats from both outside as well as inside of the organization. It deals with large amount of data, which contains various ir-relevant and redundant features and results in increased processing time and low detection rate. Therefore, feature selection should be treated as an indispensable pre-processing step to improve the overall system performance significantly while mining on huge datasets. In this context, in this paper, we focus on a two-step approach of feature selection based on Random Forest. The first step selects the features with higher variable importance score and guides the initialization of search process for the second step whose outputs the final feature subset for classification and in-terpretation. The effectiveness of this algorithm is demonstrated on KDD’99 intrusion detection datasets, which are based on DARPA 98 dataset, provides labeled data for researchers working in the field of intrusion detection. The important deficiency in the KDD’99 data set is the huge number of redundant records as observed earlier. Therefore, we have derived a data set RRE-KDD by eliminating redundant record from KDD’99 train and test dataset, so the classifiers and feature selection method will not be biased towards more frequent records. This RRE-KDD consists of both KDD99Train+ and KDD99Test+ dataset for training and testing purposes, respectively. The experimental results show that the Random Forest based proposed approach can select most im-portant and relevant features useful for classification, which, in turn, reduces not only the number of input features and time but also increases the classification accuracy.
基金This work is supported by the National Key R&D Program of China(2017YFB0802703)Major Scientific and Technological Special Project of Guizhou Province(20183001)+1 种基金Open Foundation of Guizhou Provincial Key VOLUME XX,2019 Laboratory of Public Big Data(2018BDKFJJ014)Open Foundation of Guizhou Provincial Key Laboratory of Public Big Data(2018BDKFJJ019,2018BDKFJJ022).
文摘In recent years,machine learning technology has been widely used for timely network attack detection and classification.However,due to the large number of network traffic and the complex and variable nature of malicious attacks,many challenges have arisen in the field of network intrusion detection.Aiming at the problem that massive and high-dimensional data in cloud computing networks will have a negative impact on anomaly detection,this paper proposes a Bi-LSTM method based on attention mechanism,which learns by transmitting IDS data to multiple hidden layers.Abstract information and high-dimensional feature representation in network data messages are used to improve the accuracy of intrusion detection.In the experiment,we use the public data set KDD-Cup 99 for verification.The experimental results show that the model can effectively detect unpredictable malicious behaviors under the current network environment,improve detection accuracy and reduce false positive rate compared with traditional intrusion detection methods.
文摘为了减少分布式拒绝服务攻击(DDoS),将蚂蚱优化算法(GOA)与机器学习算法结合使用,通过创建入侵检测系统(IDS)来满足监控环境的要求,并能够区分正常和攻击流量。所设计的基于GOA的IDS技术(GOIDS)能够从原始IDS数据集中选择最相关的特征来帮助区分典型的低速DDoS攻击,然后将选择的特征传递给支持向量机(SVM)、决策树(DT)、朴素贝叶斯(NB)和多层感知器(MLP)等分类器来识别攻击类型。利用KDD Cup 99和CIC-IDS 2017公开数据集作为实验数据,仿真结果表明,基于决策树的GOIDS具有较高的检测率和较低的假阳性率。
