Study on GEP Rule Extraction Algorithm for Network Intrusion Detection

Cited by: 1


Authors: Tang Wan (唐菀)[1,2], Cao Yang (曹阳)[1], Yang Ximin (杨喜敏)[2,3], Qin Jun (覃俊)[2]

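Affiliations: [1] State Key Laboratory of Software Engineering, School of Electronic Information, Wuhan University, Wuhan 430070; [2] College of Computer Science, South-Central University for Nationalities, Wuhan 430074; [3] School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074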

Source: Computer Science (《计算机科学》), 2009, No. 11, pp. 79-82 (4 pages)

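Funding: National Key Basic Research Program of China (2004CB318203); National Natural Science Foundation of China (60603008); Natural Science Foundation of Hubei Province (BZY07008)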

Abstract: Network intrusion detection based on machine learning suffers from a low detection rate for unknown attacks and from low detection efficiency caused by large numbers of complex rules. To address these problems, a constraint-based gene expression programming (GEP) rule extraction algorithm (CGREA) is proposed. Intrusion detection rules are represented in the GEP model, and a constraint grammar is defined to constrain rule individuals so that the rules satisfy adequacy and closure. CGREA restricts the proportions in which the various classes of symbols are randomly selected for the gene head of a GEP rule, and uses an elitist strategy to guarantee convergence. The intrusion detection rules extracted by CGREA were evaluated on the KDD CUP'99 data set: the overall attack detection rate was 91.36%, and the detection rates for three unknown attacks exceeded 88%. These results indicate that CGREA can extract simple and effective rules with a small population and a limited number of generations, and that both the detection rate for unknown attacks and detection performance are improved.

Keywords: network intrusion detection; gene expression programming; rule extraction; constraint grammar; elitist strategy

Classification: TP393 [Automation and Computer Technology - Computer Application Technology]
