Computer Engineering and Applications ›› 2012, Vol. 48 ›› Issue (22): 124-128.


Combined rough set and decision tree method for intrusion detection

FEI Hongxiao, HU Lin   

  1. School of Software, Central South University, Changsha 410075, China
  • Online: 2012-08-01 Published: 2012-08-06


Abstract: Intrusion detection systems collect massive, high-dimensional data, and the models built from it with decision trees are complex and have low accuracy. To address these problems, this paper uses rough set attribute reduction to select the network connection attributes relevant to intrusion, then uses a model built by a decision tree to classify network connections in prediction. The result is a network intrusion detection method that combines rough set attribute reduction with decision tree predictive classification. Experimental results show the advantage of the method: accuracy improves largely in detecting DoS attacks and also in detecting Probe and R2L attacks, while the false alarm rate decreases notably.

Key words: rough set, detection accuracy, attribute reduction, decision tree, intrusion detection, false alarm rate
