基于改进鸽群算法组合优化的入侵检测模型  

作　　者：王春东 雷杰斌 WANG Chundong;LEI Jiebin(School of Computer Science and Engineering,Tianjin University of Technology,Tianjin 300384,China;National Engineering Laboratory for Computer Virus Prevention and Control Technology,Tianjin 300384,China)

机构地区：[1]天津理工大学计算机科学与工程学院,天津300384 [2]计算机病毒防治技术国家工程实验室,天津300384

出　　处：《计算机科学》2024年第S02期904-910,共7页Computer Science

基　　金：国家自然科学基金联合基金(U1536122);天津市科委重大专项(15ZXDSGX00030)。

摘　　要：入侵检测作为一种保护网络免受攻击的安全防御技术,在网络安全领域中扮演着重要的角色。研究人员利用机器学习技术提出了不同的网络入侵检测模型。然而,特征冗余和机器学习参数优化问题仍然是入侵检测系统面临的挑战。现有研究均将二者视为独立问题,分别优化。但机器学习参数与训练数据中的特征密切相关,特征集的改变很可能引起最优机器学习参数的变化。针对这一问题,提出了一种基于改进鸽群算法组合优化的入侵检测方法(ICOPIO)。该方法可以同时实现特征筛选和机器学习参数优化,避免了人为参数设置的干扰,减少了冗余和无关特征的影响,进一步提高了入侵检测模型的性能。此外,还利用Spark对ICOPIO进行并行化处理,提高了ICOPIO的效率。最后,使用NSL-KDD和UNSW-NB15两个入侵检测标准数据集对模型进行了评估,与现有的几种相关方法相比,所提出的模型在TPR、FPR、平均准确率上都取得了最好的结果,且证明了ICOPIO具有良好的可扩展性。Intrusion detection,as a security defense technique to protect the network from attacks,plays an important role in the field of network security.Researchers have proposed different network intrusion detection models using machine learning techniques.However,the problems of feature redundancy and machine learning parameter optimization are still challenges for intrusion detection systems.Existing studies considerthe two as independent problems and optimized them separately.However,the machine learning parameters are closely related to the features in the training data,and changes in the feature set are likely to cause changes in the optimal machine learning parameters.To address this problem,an intrusion detection method based on combined optimization of improved pigeon flocking algorithm(ICOPIO)is proposed.It can simultaneously achieve feature screening and machine learning parameter optimization,avoiding the interference of human parameter settings,reducing the influence of redundant and irrelevant features,and further improving the performance of the intrusion detection model.In addition,Spark is used to parallelize ICOPIO to improve the efficiency of ICOPIO.Finally,two intrusion detection standard datasets,NSL-KDD and UNSW-NB15,are used to evaluate the model,and by comparing with several existing related methods,the proposed model achieves the best results in the evaluation metrics of TPR,FPR,and average accuracy,and it proves that ICOPIO has good scalability.

关 键 词：特征选择 参数优化 入侵检测 并行化 鸽群算法 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]