Network Intrusion Detection Method Based on Incremental Updating of Neighborhood Valued Tolerance Condition Entropy  Cited by: 4


Authors: LUO Gongzhi; HOU Ruoxian (School of Management, Nanjing University of Posts and Telecommunications, Nanjing 210003, China)

Affiliation: [1] School of Management, Nanjing University of Posts and Telecommunications, Nanjing 210003, China

Source: Journal of Data Acquisition and Processing, 2024, No. 1, pp. 181-192 (12 pages)

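Funding: National Natural Science Foundation of China (72171124); Major Project of Philosophy and Social Science Research in Jiangsu Universities (2021SJZDA129); Jiangsu Province Postgraduate Research Innovation Program (KYCX21_0838).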

Abstract: Network intrusion detection systems are an important defense tool for network information security protection, but complicated and lengthy network intrusion behavior features seriously affect the effectiveness of network intrusion detection. To address the rapid growth of information and the incomplete data encountered in network intrusion detection, an incremental feature selection algorithm based on neighborhood valued tolerance condition entropy is proposed. First, on the basis of neighborhood valued tolerance granular computing, and drawing on the notable ability of conditional entropy to characterize the uncertainty of features and the correlation or dependency between features, the incremental updating mechanism of neighborhood valued tolerance conditional entropy is studied. Then, based on this update mechanism, an incremental feature selection algorithm for dynamic databases is proposed. Finally, experimental analysis shows that the proposed algorithm can effectively improve the computational efficiency of feature selection in incomplete information systems. In an application to network intrusion detection examples, the new algorithm shows the advantages of low computational complexity and a low false alarm rate, which indicates that it can provide an effective and feasible concrete method for network information security protection.

Keywords: incomplete information system; neighborhood rough set; conditional entropy; incremental learning; network intrusion detection

Classification code: TP181 [Automation and Computer Technology - Control Theory and Control Engineering]

 
