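In artificial-immune-based intrusion detection research, detectors are generally generated by randomly producing strings. This method generates detectors slowly, and the resulting detector set has a low detection rate. Because nonself samples contain information about the nonself space, a method is proposed that uses nonself samples to initialize a gene library and then uses the gene library to generate detectors for intrusion detection. Experiments on the KDD Cup 1999 intrusion detection dataset show that the method is effective and generates a detector set with a higher detection rate more quickly.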
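To effectively improve the detection of network intrusions and prevent intrusion behavior as far as possible, this paper builds a CQPSO-LSSVM network intrusion detection model based on the cooperative quantum particle swarm (CQPSO) algorithm and the least squares support vector machine (LSSVM). The model uses the CQPSO algorithm to select the features relevant to network intrusion and so obtain the optimal feature subset, which reduces the number of input features the subsequent LSSVM has to process, effectively lowers the computational load, and improves detection efficiency. In simulation tests on the KDD CUP 99 dataset, the model performs well, with a high detection rate, low false alarm and missed detection rates, and fast detection. It meets the real-time and accuracy requirements of network intrusion detection and provides a reference for the design and construction of related network intrusion detection models.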
In recent years, machine learning technology has been widely used for timely network attack detection and classification. However, due to the large amount of network traffic and the complex and variable nature of malicious attacks, many challenges have arisen in the field of network intrusion detection. Aiming at the problem that massive and high-dimensional data in cloud computing networks will have a negative impact on anomaly detection, this paper proposes a Bi-LSTM method based on attention mechanism, which learns by transmitting IDS data to multiple hidden layers. Abstract information and high-dimensional feature representation in network data messages are used to improve the accuracy of intrusion detection. In the experiment, we use the public data set KDD-Cup 99 for verification. The experimental results show that the model can effectively detect unpredictable malicious behaviors under the current network environment, improve detection accuracy and reduce false positive rate compared with traditional intrusion detection methods.
Enhancement in wireless networks had given users the ability to use the Internet without a physical connection to the router. Almost every Internet of Things (IoT) device such as smartphones, drones, and cameras uses wireless technology (Infrared, Bluetooth, IrDA, IEEE 802.11, etc.) to establish multiple interdevice connections simultaneously. With the flexibility of the wireless network, one can set up numerous ad-hoc networks on-demand, connecting hundreds to thousands of users, increasing productivity and profitability significantly. However, the number of network attacks in wireless networks that exploit such flexibilities in setting and tearing down networks has become very alarming. Perpetrators can launch attacks since there is no first line of defense in an ad hoc network setup besides the standard IEEE 802.11 WPA2 authentication. One feasible countermeasure is to deploy intrusion detection systems at the edge of these ad hoc networks (Network-based IDS) or at the node level (Host-based IDS). The challenge here is that there is no readily available benchmark data for IoT network traffic. Creating this benchmark data is very tedious as IoT can work on multiple platforms and networks, and crafting and labelling such a dataset is very labor-intensive. This research aims to study the characteristics of existing datasets available such as KDD-Cup and NSL-KDD, and their suitability for wireless IDS implementation. We hypothesize that network features are parametrically different depending on the types of network and assigning weight dynamically to these features can potentially improve the subsequent threat classifications. This paper analyses packet and flow features for the data packet captured on a wireless network rather than a wired network. Combining domain heuristics and early classification results, the paper had identified 19 header fields exclusive to wireless network that contain high information gain to be used as ML features in Wireless IDS.
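To improve network intrusion detection performance, a network intrusion detection system based on semi-supervised learning, SSIDS-CV, is proposed. The system consists of three parts: a network sniffer, a training set generator, and a semi-supervised classifier. Unlabeled intrusion data are pseudo-labeled, the pseudo-labeled samples are added to the labeled dataset and take part in cross-validation, and the label that minimizes the classifier error is chosen as the final label. This enlarges the amount of labeled data used to train the intrusion detection classifier. The KDD Cup 99 dataset is used to simulate the semi-supervised intrusion detection process, and the experimental results show that SSIDS-CV can effectively mine the information in unlabeled intrusion data and has a high intrusion detection rate.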
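To reduce distributed denial-of-service (DDoS) attacks, the grasshopper optimization algorithm (GOA) is combined with machine learning algorithms to create an intrusion detection system (IDS) that meets the requirements of the monitored environment and can distinguish normal traffic from attack traffic. The resulting GOA-based IDS technique (GOIDS) selects the most relevant features from the original IDS dataset to help distinguish typical low-rate DDoS attacks, then passes the selected features to classifiers such as support vector machine (SVM), decision tree (DT), naive Bayes (NB), and multilayer perceptron (MLP) to identify the attack type. Using the public KDD Cup 99 and CIC-IDS 2017 datasets as experimental data, simulation results show that the decision-tree-based GOIDS has a high detection rate and a low false positive rate.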
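This paper designs a new deep neural network (New Deep Neural Network, NDNN) model and applies it to an intrusion detection system. With its strong feature-learning capability, NDNN fully learns the features of the training data. At the output layer, NDNN uses a Softmax classifier to identify and classify network attack packets and normal packets, detecting anomalous packets and intrusion attacks. In simulation experiments on the KDD Cup 99 dataset, the results show that the NDNN-based intrusion detection system model designed in this paper further improves the accuracy of the intrusion detection system and strengthens network security.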
With the increasing worldwide network attacks, intrusion detection (ID) has become a popular research topic in the last decade. Several artificial intelligence techniques such as neural networks and fuzzy logic have been applied in ID. The results are varied. The intrusion detection accuracy is the main focus for intrusion detection systems (IDS). Most research activities in the area aim to improve the ID accuracy. In this paper, an artificial immune system (AIS) based network intrusion detection scheme is proposed. An optimized feature selection using Rough Set (RS) theory is defined. The complexity issue is addressed in the design of the algorithms. The scheme is tested on the widely used KDD CUP 99 dataset. The result shows that the proposed scheme outperforms other schemes in detection accuracy.
Intrusion detection systems provide additional defense capacity to a networked information system in addition to the security measures provided by the firewalls. This paper proposes an active rule based enhancement to the C4.5 algorithm for network intrusion detection in order to detect misuse behaviors of internal attackers through effective classification and decision making in computer networks. This enhanced C4.5 algorithm derives a set of classification rules from network audit data and then the generated rules are used to detect network intrusions in a real-time environment. Unlike most existing decision tree based approaches, the spawned rules generated and fired in this work are more effective because the information-theoretic approach minimizes the expected number of tests needed to classify an object and guarantees that a simple (but not necessarily the simplest) tree is found. The main advantage of this proposed algorithm is that the generalization ability of enhanced C4.5 decision trees is better than that of C4.5 decision trees. We have employed data from the third international knowledge discovery and data mining tools competition (KDDcup’99) to train and test the feasibility of this proposed model. By applying the enhanced C4.5 algorithm an average detection rate of 93.28 percent and a false positive rate of 0.7 percent have respectively been obtained in this work.
The network-based intrusion detection has become common to evaluate machine learning algorithms. Although the KDD Cup’99 Dataset has class imbalance over different intrusion classes, still it plays a significant role to evaluate machine learning algorithms. In this work, we utilize the singular value decomposition technique for feature dimension reduction. We further reconstruct the features from reduced features and the selected eigenvectors. The reconstruction loss is used to decide the intrusion class for a given network feature. The intrusion class having the smallest reconstruction loss is accepted as the intrusion class in the network for that sample. The proposed system yields 97.90% accuracy on KDD Cup’99 dataset for the stated task. We have also analyzed the system with individual intrusion categories separately. This analysis suggests having a system with the ensemble of multiple classifiers; therefore we also created a random forest classifier. The random forest classifier performs significantly better than the SVD based system. The random forest classifier achieves 99.99% accuracy for intrusion detection on the same training and testing data set.
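As an active network defense technology, intrusion detection can effectively stop a variety of attacks from hackers. With the development of machine learning, related techniques have also begun to be applied to intrusion detection. This paper uses functions from the preprocessing module of the sklearn library to preprocess the KDD CUP 99 dataset, builds a network intrusion detection model based on the naive Bayes and logistic regression algorithms, uses the information gain algorithm to select intrusion-related features, and then performs training and prediction. The experimental results show that training and predicting on the selected feature subset maintains prediction accuracy while greatly improving detection efficiency. The results can serve as a reference for the design and construction of network intrusion detection models for high-speed railway signaling systems.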
Funding: This work is supported by the National Key R&D Program of China (2017YFB0802703), Major Scientific and Technological Special Project of Guizhou Province (20183001), Open Foundation of Guizhou Provincial Key Laboratory of Public Big Data (2018BDKFJJ014), and Open Foundation of Guizhou Provincial Key Laboratory of Public Big Data (2018BDKFJJ019, 2018BDKFJJ022).