基于Stacking集成学习的恶意攻击检测方法  

作　　者：左胜勇 冯立超 陈学斌 郭宸良 ZUO Sheng-yong;FENG Li-chao;CHEN Xue-bin;GUO Chen-liang(College of Science,Hebei Key Laboratory of Data Science and Application,North China University of Science and Technology,Tangshan Hebei 063210,China)

机构地区：[1]华北理工大学理学院,河北省数据科学与应用重点实验室,河北唐山063210

出　　处：《华北理工大学学报（自然科学版）》2024年第3期104-111,共8页Journal of North China University of Science and Technology：Natural Science Edition

基　　金：国家自然科学基金区域创新发展联合基金项目(U20A20179):基于Sketch的网络行为测量关键技术与系统。

摘　　要：伴随着互联网的快速发展,网络安全问题越发严峻,尤其是网络攻击变得更加频繁,对其检测防控迫在眉睫。该研究主要提出了一种新的LightGBM-XGboost-Random forest的Stacking集成学习模型;新的特征提取方法也被相应提出,通过探索性数据分析对特征集进行重要特征提取,较传统方法更快速、方便;相比于单一模型与传统模型,该Stacking集成学习模型的检测精确度更高,对LUFlows数据集进行实践训练,该集成模型检测精确度可达到97.0%,明显高于单一使用LightGBM模型、XGboost模型、Random forest模型的精确度;同时引入NSL-KDD数据集对该Stacking集成学习模型进行泛化能力测试,与最新的研究进行比对,LXR模型测得F1-score为0.8709,优于多数模型结果。表明该集成学习模型能够提供一种更为精确有效且泛化能力强的网络攻击检测方法,以更好地维护网络空间安全。As rapid development of the Internet,the problem of network security is becoming more and more serious,especially as network attacks have become more frequent,the detection and prevention are urgent.In this paper,a new Stacking ensemble learning model of LightGBM-XGboost-Random forest was proposed,and metrics such as F1-score were introduced to evaluate the model.A new feature extraction method was proposed to extract important features from the feature set through exploratory data analysis,which is faster and more convenient than the traditional method.Compared with the single model and the traditional model,the detection accuracy of the Stacking ensemble learning model is higher than them,after practical training on the LUFlows dataset,the detection accuracy of the Stacking ensemble learning model can reach 97.0%,which is significantly higher than the accuracy of LightGBM model,XGboost model and Random forest model.Meanwhile,the NSL-KDD dataset was introduced to test the generalization ability of the Stacking ensemble learning model,and good results were achieved compared with the latest research.This ensemble learning model provides us with a more accurate and effective network attack detection method with a strong generalization ability to better maintain cyberspace security.

关 键 词：轻量化梯度提升 极端梯度提升 随机森林 

分 类 号：TP393.0[自动化与计算机技术—计算机应用技术]