Spark框架下改进TrAdaBoost分布式入侵检测算法研究  被引量：2

作　　者：施永辉 杨丽敏 代琪 陈丽芳 SHI Yong-hui;YANG Li-min;DAI Qi;CHEN Li-fang(College Of Sciences,North China University of Science and Technology,Tangshan 063210,China;Department of Automation,China University of Petroleum,Beijing 102249,China)

机构地区：[1]华北理工大学理学院,河北唐山063210 [2]中国石油大学(北京)自动化系,北京102249

出　　处：《中国电子科学研究院学报》2023年第12期1129-1137,1145,共10页Journal of China Academy of Electronics and Information Technology

基　　金：河北省文化旅游大数据技术创新中心资助项目(SG2019036-yb2005)。

摘　　要：在海量网络数据中实现快速准确检测网络攻击具有重要意义。然而传统单机模式对于大数据存储和分析存在巨大局限性,同时实际网络入侵检测中难以满足源域和目标域独立同分布的条件导致入侵检测性能不高。针对以上问题,文中提出Spark框架下改进TrAdaBoost分布式入侵检测算法。该方法在基于Apache Spark的云平台Databricks下进行代码开发工作,从权重更新和最终输出机制两方面改进传统TrAdaBoost,将其应用于网络入侵检测。在NSL-KDD的仿真实验结果表明,所提方法性能相比于传统TrAdaBoost更加稳定,对少数类攻击检测有较大提升,算法整体准确率和精准率达到97%,误报率为1.4%,优于当前传统入侵检测算法。It is crucial to achieve fast and accurate detection of network attacks in massive amounts of network data.However,the traditional stand-alone model has huge limitations for large data storage and analysis,and it is difficult to meet the conditions of independent and homogeneous distribution of source and target domains in actual network intrusion detection leading to low performance of intrusion detection.To address the above problems,the improved TrAdaBoost distributed intrusion detection algorithm under Spark framework is proposed.The method performs code development work under Databricks,an Apache Spark-based cloud platform,to improve the traditional TrAdaBoost in terms of both weight update and final classifier,and apply it to network intrusion detection.The simulation experimental results in NSL-KDD show that the performance of the proposed method is more stable compared with the traditional TrAdaBoost,and has a greater improvement on the detection of a few classes of attacks.The overall accuracy and precision rate of the algorithm reaches 97%,and the false alarm rate reaches 1.4%,which is better than the current traditional intrusion detection algorithms.

关 键 词：DataBricks 分布式架构 TrAdaBoost 网络入侵检测 

分 类 号：TN918[电子电信—通信与信息系统] TP393.08[电子电信—信息与通信工程]