基于特征选择的两级混合入侵检测方法  被引量：4

作　　者：江泽涛 周谭盛子 胡硕[3] 时晨 JIANG Ze-tao;ZHOU Tan-sheng-zi;HU Shuo;SHI Chen(The Key Laboratory of Image and Graphic Intelligent Processing of Higher Education in Guangxi,School of Computer Science and Information Security,Guilin University of Electronic Technology,Guilin 541004,China;The Key Laboratory of Dependable Software of Guangxi,School of Computer Science and Information Security,Guilin University of Electronic Technology,Guilin 541004,China;School of Information Engineering,Nangchang HangHong University,Nangchang 330063,China)

机构地区：[1]桂林电子科技大学计算机与信息安全学院广西图像图形处理智能处理高校重点实验室,广西桂林541004 [2]桂林电子科技大学计算机与信息安全学院广西可信软件重点实验室,广西桂林541004 [3]南昌航空大学信息工程学院,江西南昌330063

出　　处：《计算机工程与设计》2020年第3期614-620,共7页Computer Engineering and Design

基　　金：国家自然科学基金项目(61572147、61762066、61876049);广西科技计划基金项目(AC16380108);广西图像图形智能处理重点实验基金项目(GIIP201701、GIIP201801、GIIP201802、GIIP201803);广西研究生教育创新计划基金项目(2018YJCX46);江西省自然科学基金项目(20171BAB212015)。

摘　　要：为提高入侵检测方法的检测率、降低误报率并提高对未知类型攻击准确率,提出一种以特征选择为基础的混合入侵检测方法。利用fisher分对特征进行降维处理,选择出与类别相关度大的特征子集;为解决样本的多元性问题,引入超图的Helly属性对得到的特征子集进行再次筛选,得到最终的最优特征子集;利用随机森林和改进的K均值(K-Means)聚类作为联合分类器,采用二次检测的方式确定样本所属类别。实验结果表明,该方法有效且可行,为入侵检测提供了可参考的算法模型。To improve the detection rate of intrusion detection methods,reduce false positives,and improve the accuracy of attacks against unknown types,a two-level hybrid intrusion detection method based on feature selection was proposed.The fisher score based on the filtering mode was used to reduce the dimension,and a feature subset with a large degree of relevance to the category was selected.To solve the problem of sample multivariate,the new feature subset was selected again using the Helly property of the hypergraph to obtain the final optimal feature subset.The random forest and the improved K-Means clustering were used as the joint classifier,and the category of the sample was determined by means of secondary detection.Experimental results show that the proposed method is effective and feasible,and it provides an algorithm model for intrusion detection.

关 键 词：入侵检测 特征选择 fisher分 降维处理 超图 随机森林 K均值 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]