一种高效的面向轻量级入侵检测系统的特征选择算法  被引量：46

作　　者：陈友[1] 沈华伟[1] 李洋[1] 程学旗[1] 

机构地区：[1]中国科学院计算技术研究所

出　　处：《计算机学报》2007年第8期1398-1408,共11页Chinese Journal of Computers

基　　金：国家"九七三"重点基础研究发展规划项目基金(2004CB318109);国家信息安全计划项目基金(2005C39)资助~~

摘　　要：特征选择是网络安全、模式识别、数据挖掘等领域的重要问题之一.针对高维数据对象,特征选择一方面可以提高分类精度和效率,另一方面可以找出富含信息的特征子集.文中提出一种wrapper型的特征选择算法来构建轻量级入侵检测系统.该算法采用遗传算法和禁忌搜索相混合的搜索策略对特征子集空间进行随机搜索,然后利用提供的数据在无约束优化线性支持向量机上的平均分类正确率作为特征子集的评价标准来获取最优特征子集.文中按照DOS,PROBE,R2L,U2R4个类别对KDD1999数据集进行分类,并且在每一类上进行了大量的实验.实验结果表明,对每一类攻击文中提出的特征选择算法不仅可以加快特征选择的速度,而且基于该算法构建的入侵检测系统在建模时间、检测时间、检测已知攻击、检测未知攻击上,与没有运用特征选择的入侵检测系统相比具有更好的性能.Feature selection is one of the most important problems in network security, pattern recognition and data mining areas. For high dimension data, feature selection not only can im- prove the accuracy and efficiency of classification, but also discover informative subset. This paper proposes a new feature selection algorithm aiming at building lightweight intrusion detection system （IDS） by （1） using a hybrid strategy of genetic algorithm and tabu search （GATS） as search strategy to specify a candidate subset for evaluation; （2） using modified linear Support Vector Machines （SVMs） iterative procedure as wrapper approach to obtain the optimum feature subset. The authors have examined the feasibility of the feature selection algorithm by conducting several experiments on KDD1999 intrusion detection dataset which was categorized as DOS, PROBE, R2L and U2R. The experimental results show that the approach is able not only to speed up the process o~ selecting important features but also to guarantee high detection rates. Furthermore, the experiments indicate that intrusion detection system with a combination of feature selection algorithm has better performances than that without feature selection algorithm in terms of building time, testing time and detection rates.

关 键 词：特征选择 遗传算法 禁忌搜索 线性支持向量机 入侵检测系统 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]