多层极限学习机在入侵检测中的应用  被引量：18

作　　者：康松林[1] 刘乐[1] 刘楚楚[1] 廖锓 

机构地区：[1]中南大学信息科学与工程学院,长沙410083

出　　处：《计算机应用》2015年第9期2513-2518,共6页journal of Computer Applications

基　　金：国家自然科学基金资助项目(60773013)

摘　　要：针对神经网络在入侵检测应用存在的维度高、数据大、获取标记样本难、特征构造难、训练难等问题,提出了一种基于深度多层极限学习机(ML-ELM)的入侵检测方法。首先,采用多层网络结构和深度学习方法抽取检测样本最高层次的抽象特征,用奇异值对入侵检测数据进行特征表达;然后,利用极限学习机(ELM)建立入侵检测数据的分类模型;其次,利用逐层的无监督学习方法解决入侵检测获取标记样本难的问题;最后采用KDD99数据集对该方法的性能进行了验证。实验结果表明:多层极限学习机的方法提高了检测正确率,检测漏报率也低至0.48%,检测速度比其他深度模型的检测方法提高了6倍以上。同时在极少标记样本的情况下仍有85%以上的正确率。通过多层网络结构的构建提高了对U2L、R2L这两类攻击的检测率。该方法集成深度学习和无监督学习的优点,能对高维度,大数据的网络记录用较少的参数得到更好的表达,在入侵检测的检测速度以及特征表达两个方面都具有优势。In view of high dimension, big data, the difficulty of getting labeled samples, the problem of feature expression and training existed in the application of neural network in intrusion detection, an intrusion detection method based on Multiple Layer Extreme Learning Machine （ML-ELM） was proposed in this paper. Firstly, the highest level abstract features of the detection samples were extracted by muhi-layer network structure and deep learning method. The characteristics of intrusion detection data were expressed by singular values. Secondly, the Extreme Learning Machine （ELM） was used to establish the classification model of intrusion detection data. Then, the problem that hard to obtain labeled samples was solved by using a layer by layer unsupervised learning method. Finally, the KDD 99 dataset was used to test the performance of ML- ELM. The experimental results show that the proposed model can improve the detection accuracy, and the false negative rate of detection is low to 0.48%. The detection speed can be improved by more than 6 times compared with other depth detection methods. What＇s more, the detection accuracy is still more than 85% in the case of a few labeled samples. The detection rates of U2L attack and R2L attack are improved by constructing muhi-layer network structure. The method integrates the advantages of deep learning and unsupervised learning. It can express these features of high dimension and large data well using fewer parameters. It also has a good performance in intrusion detection rate and characteristic expression.

关 键 词：入侵检测 高维度 大数据 标记样本 特征构造 训练 多层极限学习机 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]