【打印本页】      【下载PDF全文】   查看/发表评论  下载PDF阅读器  关闭
←前一篇|后一篇→ 过刊浏览    高级检索
本文已被:浏览 6676次   下载 5518 本文二维码信息
码上扫一扫!
基于双层异质集成学习器的入侵检测方法
凌玥,刘玉岭,姜波,李宁,卢志刚,刘宝旭
分享到: 微信 更多
(中国科学院信息工程研究所, 北京 中国 100093;中国科学院大学网络空间安全学院, 北京 中国 100049)
摘要:
入侵检测是网络安全领域中具有挑战性和重要性的任务。现有研究以增加时间消耗和误报率为代价,重点关注如何提高检测率,在实际应用中代价较大。为此,本文提出了一种使用双层异质学习器集成学习策略的入侵检测IDHEL模型。该模型使用概率核主成分分析方法降低数据维度,采用多个异质分类器通过分层十折交叉验证策略进行异常检测,并根据所提出的分类器评估算法筛选出在相关数据上表现最佳的三种分类器,基于概率加权投票的多分类器集成算法进行入侵检测。实验结果表明IDHEL模型在准确率、错误率和时间消耗方面均优于现有主流入侵检测模型。
关键词:  入侵检测  异质学习器集成  概率核主成分分析  分类器评估  概率加权投票
DOI:10.19363/J.cnki.cn10-1380/tn.2021.05.02
投稿时间:2019-05-31修订日期:2019-09-16
基金项目:本课题得到中国自然科学基金(No.61702508,No.61802404),国家重点研发计划课题(No.2016YFF0204002,No.2016YFF0204003),“十三五”装备预研领域基金(No.6140002020115)的支持,也得到中国科学院网络评估技术重点实验室和北京市网络安全与保护技术重点实验室的部分支持。
Intrusion Detection Method based on Double-Layer Heterogeneous Ensemble Learner
LING Yue,LIU Yuling,JIANG Bo,LI Ning,LU Zhigang,LIU Baoxu
Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
Abstract:
Intrusion detection is a challenging and important task. Nowadays, researchers proposed many intrusion detection models and technologies. However, existing research focused on how to increase detection rate at the cost of increasing time consumption and false positive rate, which is costly in practical application. In this paper, we propose a novel intrusion detection model using double-layer heterogeneous ensemble learner strategy (IDHEL). This model first uses probabilistic kernel principal component analysis to efficiently reduce the data dimension, in order to reduce the computational overhead. Then, multiple heterogeneous classifiers are adopted for anomaly detection by a layered ten-fold cross validation strategy. Finally, IDHEL chooses the best three classifiers based on probability-weighted voting for intrusion detection. We compare the IDHEL model with existing algorithms, and the experimental results have shown that the IDHEL model is superior to other models in terms of accuracy, False Positive Rate (FPR) and time consumption.
Key words:  intrusion detection  heterogeneous classifiers ensemble  probabilistic kernel principal component analysis  classifier evaluation  probability weighted voting