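Abstract: In research on intrusion detection based on artificial immune systems, detectors are generally generated by randomly producing strings. This approach generates detectors slowly, and the resulting detector set has a low detection rate. Because non-self samples carry information about the non-self space, a method is proposed that uses non-self samples to initialize a gene library and then uses the gene library to generate detectors for detecting intrusions. Experiments on the KDD Cup 1999 intrusion detection dataset show that the method is effective and generates a detector set with a higher detection rate more quickly.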
Funding: This work was supported by the Scientific Research Starting Project of SWPU [Zheng, D., No. 0202002131604]; Major Science and Technology Project of Sichuan Province [Zheng, D., No. 8ZDZX0143]; Ministry of Education Collaborative Education Project of China [Zheng, D., No. 952]; Fundamental Research Project [Zheng, D., Nos. 549, 550].
Abstract: Nowadays, the Internet has become an indispensable part of daily life and is used in many fields. Due to the large amount of Internet traffic, computers are subject to various security threats, which may cause serious economic losses and even endanger national security. It is hoped that an effective security method can systematically classify intrusion data in order to avoid leakage of important data or misuse of data. As machine learning technology matures, deep learning is widely used in various industries. Combining deep learning with network security and intrusion detection is the current trend. In this paper, the problem of data classification in intrusion detection systems is studied. We propose an intrusion detection model based on stack bidirectional long short-term memory (LSTM), introduce stack bidirectional LSTM into the field of intrusion detection and apply it to intrusion detection. In order to determine the appropriate parameters and structure of the stack bidirectional LSTM network, we have carried out experiments on various network structures and parameters and analyzed the experimental results. The classic KDD Cup’1999 dataset was selected for experiments so that we can obtain convincing and comparable results. Experimental results derived from the KDD Cup’1999 dataset show that the network with three hidden layers containing 80 LSTM cells is superior to other algorithms in computational cost and detection performance due to the stack bidirectional LSTM model’s ability to review time and correlate with connected records continuously. The experiment shows the effectiveness of the stack bidirectional LSTM network in intrusion detection.
Abstract: The network-based intrusion detection has become common to evaluate machine learning algorithms. Although the KDD Cup’99 Dataset has class imbalance over different intrusion classes, it still plays a significant role in evaluating machine learning algorithms. In this work, we utilize the singular value decomposition technique for feature dimension reduction. We further reconstruct the features from the reduced features and the selected eigenvectors. The reconstruction loss is used to decide the intrusion class for a given network feature. The intrusion class having the smallest reconstruction loss is accepted as the intrusion class in the network for that sample. The proposed system yields 97.90% accuracy on the KDD Cup’99 dataset for the stated task. We have also analyzed the system with individual intrusion categories separately. This analysis suggests having a system with an ensemble of multiple classifiers; therefore we also created a random forest classifier. The random forest classifier performs significantly better than the SVD-based system. The random forest classifier achieves 99.99% accuracy for intrusion detection on the same training and testing data set.