Computer Engineering and Applications ›› 2016, Vol. 52 ›› Issue (22): 118-122.

• Network, Communication and Security •

Research on an Intrusion Detection Algorithm Based on IPMeans-KELM

CHEN Xingliang, LI Yongzhong, YU Hualong

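  1. School of Computer Science and Engineering, Jiangsu University of Science and Technology, Zhenjiang, Jiangsu 212003
  • Publication date: 2016-11-15 Release date: 2016-12-02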

Intrusion detection algorithm based on IPMeans-KELM

CHEN Xingliang, LI Yongzhong, YU Hualong   

  1. School of Computer Science and Engineering, Jiangsu University of Science and Technology, Zhenjiang, Jiangsu 212003, China
  • Online: 2016-11-15 Published: 2016-12-02

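Abstract (translated from the Chinese): Intrusion detection systems today commonly face high data dimensionality, large data volumes and difficult training. Applying the Kernel Extreme Learning Machine (KELM) algorithm in an intrusion detection system lets it cope with training on large amounts of high-dimensional data; KELM learns quickly and does not require adjusting the network's input weights, which lowers the training difficulty of the detection system. However, the imbalance, noise interference and uneven distribution of intrusion data sets directly affect the classification performance of KELM. To address this intrusion data processing problem, an intrusion detection algorithm based on IPMeans-KELM is proposed. The algorithm first clusters the intrusion data with a K-means algorithm optimized by an improved PSO (IPMeans), increasing the aggregation of data of the same type. The processed data are then split by 10-CV, and the ten parts are used in turn to train the KELM classifier. The test data are run through the trained KELM classifier, and the average detection rate of the classifier is output. If the detection result does not meet the expected condition, the process is repeated until the condition is met. Comparison experiments on the Matlab platform show that the algorithm effectively improves the intrusion detection rate while reducing the false alarm rate.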

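Keywords (translated from the Chinese): network intrusion, particle swarm optimization, K-means algorithm, kernel extreme learning machine, 10-fold cross-validation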

Abstract: At present, intrusion detection systems commonly suffer from high data dimensionality, large data volumes and difficult training. Using the Kernel Extreme Learning Machine (KELM) algorithm in an intrusion detection system lets the system adapt to training on a large amount of high-dimensional data; learning is fast and the input weights of the network do not need to be adjusted, which reduces the training difficulty of the detection system. However, the imbalance of intrusion data sets and the interference of noise directly affect the performance of KELM. Therefore, to handle intrusion data sets well, an intrusion detection algorithm based on IPMeans-KELM is proposed. First, the algorithm uses an improved PSO to optimize the k-means algorithm (IPMeans), which increases the aggregation of data of the same type. Next, the processed data are split with 10-CV and the ten parts are used in turn to train the KELM classifier. The test data are run through the trained KELM classifier, and the average detection rate is output. If the test result does not meet the expected condition, the cycle is repeated until the condition is met. Finally, comparison experiments on Matlab show that the method effectively improves the intrusion detection rate while reducing the false alarm rate.

Key words: network intrusion detection, Particle Swarm Optimization, K-means, Kernel Extreme Learning Machine(KELM), 10-CV
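
The KELM training and 10-CV evaluation steps described in the abstract, as an added Python example (not the paper's Matlab code). It uses the standard closed-form KELM solution with an RBF kernel; the IPMeans clustering stage and the repeat-until-satisfied loop are omitted because the page gives no details of them, and the sample data, parameter values and function names are assumptions.

```python
import math, random

def rbf(a, b, gamma=0.5):  # Gaussian (RBF) kernel; gamma is an assumed value
    return math.exp(-gamma * sum((x - y) ** 2 for x, y in zip(a, b)))

def solve(A, b):  # solve A x = b by Gaussian elimination with partial pivoting
    n = len(A)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(M[r][c]))
        M[c], M[p] = M[p], M[c]
        for r in range(c + 1, n):
            f = M[r][c] / M[c][c]
            for k in range(c, n + 1):
                M[r][k] -= f * M[c][k]
    x = [0.0] * n
    for r in reversed(range(n)):
        x[r] = (M[r][n] - sum(M[r][k] * x[k] for k in range(r + 1, n))) / M[r][r]
    return x

def kelm_train(X, t, C=10.0):
    # Closed-form output weights beta = (I/C + K)^-1 t; no input weights are tuned.
    n = len(X)
    K = [[rbf(X[i], X[j]) + (1.0 / C if i == j else 0.0) for j in range(n)] for i in range(n)]
    return X, solve(K, t)

def kelm_predict(model, x):  # +1 = attack, -1 = normal
    X, beta = model
    return 1 if sum(b * rbf(x, xi) for xi, b in zip(X, beta)) > 0 else -1

def cross_validate(X, t, folds=10):
    """Stratified k-fold CV; returns (mean detection rate, mean false-alarm rate)."""
    atk = [i for i, y in enumerate(t) if y == 1]
    nor = [i for i, y in enumerate(t) if y == -1]
    dr, far = [], []
    for f in range(folds):
        atk_f, nor_f = atk[f::folds], nor[f::folds]  # every fold holds both classes
        held = set(atk_f + nor_f)
        train = [i for i in range(len(X)) if i not in held]
        model = kelm_train([X[i] for i in train], [t[i] for i in train])
        dr.append(sum(kelm_predict(model, X[i]) == 1 for i in atk_f) / len(atk_f))
        far.append(sum(kelm_predict(model, X[i]) == 1 for i in nor_f) / len(nor_f))
    return sum(dr) / folds, sum(far) / folds

# Constructed sample data (not from the paper): two features per record,
# normal records drawn from [-1,1]^2 and attack records from [4,6]^2.
rng = random.Random(0)
X = [[rng.uniform(-1, 1), rng.uniform(-1, 1)] for _ in range(30)]
X += [[rng.uniform(4, 6), rng.uniform(4, 6)] for _ in range(30)]
t = [-1] * 30 + [1] * 30
```

Calling `cross_validate(X, t)` returns the averaged detection rate and false-alarm rate over the ten folds; real intrusion data sets would need the feature scaling and class-imbalance handling that the abstract motivates.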