基于风险数据挖掘追踪技术的网络入侵检测研究  被引量：8

作　　者：张钰莎 蒋盛益[2] ZHANG Yusha;JIANG Shengyi(School of Electronic Information,Hunan Institute of Information Technology,Changsha 410151,China;School of Information Science and Technology,Guangdong University of Foreign Studies,Guangzhou 510006,China)

机构地区：[1]湖南信息学院电子信息学院,长沙410151 [2]广东外语外贸大学信息学院,广州510006

出　　处：《重庆理工大学学报（自然科学）》2019年第10期127-135,共9页Journal of Chongqing University of Technology：Natural Science

基　　金：国家自然科学基金资助项目(61572145);湖南省教育科学“十三五”规划课题阶段性成果(XJK18CGD044)

摘　　要：网络入侵检测是通过分析网络流量行为来识别网络中恶意活动的过程,针对网络入侵检测面临的海量数据入侵检测的挑战,提出了一种新的基于KDD CUP 99数据集的特征选择算法,将基于滤波器和包装器的方法相结合,选择合适的特征进行网络检测入侵。首先,基于训练数据的一般特征对特征进行评价,不依赖于任何挖掘算法;然后,采用互信息萤火虫算法(MIFA)作为基于包装器的特征选择策略进行特征提取,进一步基于C4.5分类器和基于贝叶斯网络(BN)的分类器,结合KDD CUP 99数据集对得到的特征进行分类;最后,将提出的方法与已有的工作进行比较。实验结果表明:10个特征足够检测入侵,并提高了检测精度和假阳性率。Network intrusion detection is to identify the network through the analysis of network flow behavior in the process of malicious activity.In view of the network intrusion detection are faced with the challenge of huge amounts of data for intrusion detection,this paper proposes a new feature selection algorithm based on KDD CUP 99 data sets,combining the method based on filter and wrapper and choosing the appropriate characteristics of network intrusion detection.Firstly,the characteristics are evaluated based on the general features of the training data and do not depend on any mining algorithm.Then the mutual information firefly algorithm(MIFA)is used as the feature selection strategy based on the wrapper to extract features.Further,based on C4.5 classifier and bayesian network(BN)classifier,combined with KDD CUP 99 data set,the obtained features were classified.Finally,the proposed method is compared with the existing work.The experimental results show that 10 features are enough to detect intrusion,and the detection accuracy and false positive rate are improved.

关 键 词：数据挖掘 检测异常 数据追踪 网络入侵检测 过滤器 

分 类 号：TP391[自动化与计算机技术—计算机应用技术]