Authors: 葛军凯 (GE Junkai); 李震 (LI Zhen)[2]; 张秀峰 (ZHANG Xiufeng); 史令彬 (SHI Lingbin); 徐海宁 (XU Haining); 韩磊 (HAN Lei)
Affiliations: [1] Zhoushan Power Supply Company of State Grid, Zhoushan, Zhejiang 316000, China [2] School of Mechanical and Electrical Engineering, Harbin Engineering University, Harbin, Heilongjiang 150001, China
Source: 《自动化仪表》 (Process Automation Instrumentation), 2022, No. 3, pp. 26-28, 33 (4 pages)
Funding: Science and Technology Fund of the Education Department of Liaoning Province (JZR2019004); Science and Technology Fund of State Grid Zhejiang Electric Power Co., Ltd. (5211ZS190070).
Abstract: To improve the performance and accuracy of a big data platform in processing massive data, an intrusion detection system for an intelligent operation and maintenance system (OMS) is designed based on an analysis of the mutual information (MI) algorithm. The UNSW-NB15 dataset is selected, and the experiments are designed and run on the Spark platform, with the Spark master executor controlling the slave nodes. In the intrusion detection phase, three machine learning methods are used, and their detection rate, false alarm rate and accuracy are compared experimentally. Compared with the principal component analysis (PCA) algorithm, the MI algorithm achieves higher feature extraction accuracy, a significantly improved detection rate and a lower false alarm rate. Although the MI algorithm is more accurate, it also takes longer to run. When the data volume increases rapidly, the distributed model shows a shorter intrusion detection time. The study offers some practical guidance for improving the stability of intrusion detection in operation and maintenance systems, but for low-probability attack types the algorithm can yield a detection rate of zero, and further improvement is needed.
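Keywords: operation and maintenance system; mutual information; intelligent; intrusion detection; Spark platform
Classification code: TH17 [Mechanical Engineering: Mechanical Manufacturing and Automation]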