Computer Engineering and Applications ›› 2014, Vol. 50 ›› Issue (10): 96-100.

• Network, Communication and Security •

Intrusion detection ensemble algorithm based on neighborhood rough set

WEI Jun

  1. School of Mathematics and Computer Science, Shaanxi University of Technology, Hanzhong, Shaanxi 723000, China
  • Online:2014-05-15 Published:2014-05-14

Abstract: Intrusion detection data are often high-dimensional and nonlinear, and contain a large number of noisy, redundant, and continuous attributes, so general pattern classification methods cannot process them effectively. To further improve intrusion detection, this paper presents an intrusion detection ensemble algorithm based on neighborhood rough sets. Bagging is used to generate multiple training subsets with large diversity. Because intrusion detection data are continuous, neighborhood rough set models with different radii are applied to the training subsets for attribute reduction, which removes redundancy and noise, improves the classification performance of the attribute subsets, and yields training subsets with even greater diversity. Multiple base classifiers are trained with SVM as the classifier, and they are combined by weighted ensemble, with weights constructed from the detection accuracy of each base classifier. Simulation experiments on the KDD99 dataset show that the algorithm effectively improves the accuracy and efficiency of intrusion detection and has high generalization and stability.

Key words: intrusion detection, Bagging, neighborhood rough set, support vector machine, ensemble learning
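
The step in which different neighborhood radii yield different reduced attribute sets can be seen in the following added example, which is not the paper's code. It assumes the standard forward greedy neighborhood rough set reduction with Chebyshev distance and runs on constructed samples rather than KDD99; Bagging and the SVM ensemble are left out.

```python
# Added illustration: neighborhood rough set attribute reduction at two radii.

def neighborhood(X, i, attrs, delta):
    """Indices of samples within Chebyshev distance delta of sample i on attrs."""
    return [j for j in range(len(X))
            if all(abs(X[i][a] - X[j][a]) <= delta for a in attrs)]

def dependency(X, y, attrs, delta):
    """Fraction of samples whose delta-neighborhood holds a single class label."""
    if not attrs:
        return 0.0
    pos = sum(1 for i in range(len(X))
              if all(y[j] == y[i] for j in neighborhood(X, i, attrs, delta)))
    return pos / len(X)

def reduce_attributes(X, y, delta, eps=1e-9):
    """Forward greedy reduction: keep adding the attribute with the largest
    dependency gain; stop when no attribute improves the dependency."""
    selected, gamma = [], 0.0
    remaining = list(range(len(X[0])))
    while remaining:
        scores = [(dependency(X, y, selected + [a], delta), a) for a in remaining]
        best_gamma, best = max(scores, key=lambda s: (s[0], -s[1]))
        if best_gamma - gamma <= eps:
            break
        selected.append(best)
        remaining.remove(best)
        gamma = best_gamma
    return sorted(selected), gamma

# Constructed, normalized samples (not KDD99 records). Attribute 0 separates the
# classes with a narrow margin, attribute 1 is nearly constant (redundant),
# attribute 2 is only partly informative. Label 0 = normal, 1 = attack.
X = [[0.10, 0.50, 0.60], [0.20, 0.55, 0.15], [0.30, 0.50, 0.10], [0.40, 0.45, 0.20],
     [0.50, 0.50, 0.90], [0.70, 0.55, 0.55], [0.80, 0.45, 0.85], [0.90, 0.50, 0.25]]
y = [0, 0, 0, 0, 1, 1, 1, 1]

if __name__ == "__main__":
    for delta in (0.07, 0.22):
        print(delta, reduce_attributes(X, y, delta))
```

With the small radius attribute 0 alone is consistent, while the larger radius pulls boundary samples of both classes into one neighborhood and needs attribute 2 as well; the redundant attribute 1 is never selected.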