Computer Engineering and Applications ›› 2020, Vol. 56 ›› Issue (12): 66-72.DOI: 10.3778/j.issn.1002-8331.1911-0321

Previous Articles     Next Articles

Network Intrusion Detection Method Based on GAN-PSO-ELM

YANG Yanrong, SONG Rongjie, ZHOU Zhaoyong   

  1. 1.Network & Education Technology Center, Northwest A&F University, Yangling, Shaanxi 712100, China
    2.College of Information Engineering, Northwest A&F University, Yangling, Shaanxi 712100, China
  • Online:2020-06-15 Published:2020-06-09

基于GAN-PSO-ELM的网络入侵检测方法

杨彦荣,宋荣杰,周兆永   

  1. 1.西北农林科技大学 网络与教育技术中心,陕西 杨凌 712100
    2.西北农林科技大学 信息工程学院,陕西 杨凌 712100

Abstract:

Aiming at the problem of low detection rate of a few classes of machine learning methods in dealing with unbalanced massive intrusion data, this paper proposes an intrusion detection method(GAN-PSO-ELM) which combines the Generative Adversarial Nets(GAN), Particle Swarm Optimiztion(PSO) and Extreme Learning Machine(ELM). The original network data is preprocessed, and the data set with a few kinds of samples are expanded by using Gan and the way of whole class expansion. On the extended balance data set, PSO is used to optimize the input weights and hidden layer thresholds of elm, and an intrusion detection model is established. The simulation experiments are carried out on NSL-KDD data set. The experimental results show that compared with SVM, ELM and PSO-ELM, GAN-PSO-ELM not only has a higher detection efficiency, but also has an average increase of 3.74% in the overall detection accuracy, 28.13% and 16.84% in a few R2L and U2R, respectively.

Key words: intrusion detection, Generative Adversarial Networks(GAN), Extreme Learning Machine(ELM), Particle Swarm Optimization(PSO), Support Vector Machine(SVM)

摘要:

针对传统机器学习方法在处理非平衡的海量入侵数据时少数类检测率低的问题,提出一种融合生成式对抗网络(GAN)、粒子群算法(PSO)和极限学习机(ELM)的入侵检测(GAN-PSO-ELM)方法。对原始网络数据进行预处理,利用GAN并采用整体类扩充的方式对数据集进行少数类样本扩充。在扩充后的平衡数据集上,利用PSO算法优化ELM的输入权重与隐含层偏置,并建立入侵检测模型。在NSL-KDD数据集上进行仿真实验。实验结果表明,与SVM、ELM、PSO-ELM方法相比,GAN-PSO-ELM不仅具有较高的检测效率,而且在整体检测准确率上平均提高了3.74%,在少数类R2L和U2R上分别平均提高了28.13%和16.84%。

关键词: 入侵检测, 生成式对抗网络, 极限学习机, 粒子群算法, 支持向量机