计算机工程与应用 ›› 2020, Vol. 56 ›› Issue (2): 82-88.DOI: 10.3778/j.issn.1002-8331.1903-0139

• 网络、通信与安全 • 上一篇    下一篇

基于随机森林的网络入侵检测方法

芶继军,李均华,陈晨,陈一鸣,吕奕达   

  1. 1.国网四川省电力公司 经济技术研究院,成都 610041
    2.西安电子科技大学,西安 710071
  • 出版日期:2020-01-15 发布日期:2020-01-14

Network Intrusion Detection Method Based on Random Forest

GOU Jijun, LI Junhua, CHEN Chen, CHEN Yiming, LV Yida   

  1. 1.State Grid Sichuan Economic Research Institute, Chengdu 610041, China
    2.Xidian University, Xi’an 710071, China
  • Online:2020-01-15 Published:2020-01-14

摘要: 为了提高网络安全水平,及时对网络攻击进行主动检测,提出了一种基于随机森林的网络入侵检测模型。该模型能够对大流量攻击进行分布式检测,且检测算法在引入了两个随机性后,即可降低网络流量内不同属性特征字段的噪声,并消除关联性,以便更为便捷、迅速地对攻击进行主动检测。将经典的Adaboost组合多分类器方法与提出的算法在检测率、正确率、精确率三个方面进行对比,体现了该算法的优越性,为大数据时代下网络安全提供了更好的保护。

关键词: 网络安全, 机器学习, 随机森林方法, 攻击检测

Abstract: In order to improve the level of network security and detect network attack actively in time, this paper proposes a network intrusion detection model based on random forest. The model can perform distributed detection on large traffic attacks, and after introducing two randomness, the detection algorithm can reduce the noise of different attribute feature fields in network traffic and eliminate the correlation, so that it is more convenient and rapid to actively detect attack. Finally, the classical Adaboost combinatorial multi-classifier method is compared with the algorithm proposed in this paper in three aspects:detection rate, accuracy rate and precision rate, which reflects the advantages of this algorithm and provides better protection for network security in the era of big data.

Key words: network security, machine learning, random forest method, attack detect