Evaluation and Comparison of Machine-Learning Algorithms for Network Intrusion Detection
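  • English title: Evaluation and Comparison of Machine-Learning Algorithm for Network Intrusion Detection
  • Authors: 胡臻伟; 施勇; 薛质
  • Authors (English): HU Zhen-wei; SHI Yong; XUE Zhi; Shanghai Jiaotong University
  • Keywords: network intrusion detection; classification algorithms; ROC curve; classifier metrics
  • English keywords: network intrusion detection; classification algorithm; ROC curve; classifier index
  • Chinese journal title: TXJS
  • English journal title: Communications Technology
  • Institution: Shanghai Jiaotong University
  • Publication date: 2017-12-10
  • Publisher: 通信技术 (Communications Technology)
  • Year: 2017
  • Issue: v.50; No.312
  • Funding: National Natural Science Foundation of China (No.61332010)
  • Language: Chinese
  • Page: TXJS201712027
  • Number of pages: 6
  • CN: 12
  • ISSN: 51-1167/TN
  • Classification number: 158-163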
Abstract
The accuracy and effectiveness of traditional intrusion detection methods can no longer meet the demands of the big-data era, and machine-learning algorithms are increasingly becoming mainstream. Current research focuses mainly on support vector machines among machine-learning algorithms, but support vector machines have their own shortcomings. This paper therefore introduces other well-performing classification algorithms from machine learning and uses the classic NSL-KDD dataset to compare the accuracy of the algorithms and analyze the environments each is suited to, providing a basis for intrusion detection analysis in different scenarios in the future. After the models are trained on the dataset, they are evaluated with the ROC curve, accuracy and other metrics, and fairly good results are obtained.
