A DBN-Based False Alarm Elimination Algorithm for Intrusion Detection
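  • English title: DBN-Based Intrusion Detection False Alarm Elimination Method
  • Authors: 魏鹏; 张震; 徐萍; 陈博
  • Authors (English): WEI Peng; ZHANG Zhen; XU Ping; CHEN Bo; National Digital Switching System Engineering & Technological R&D Center; PLA Information Engineering University
  • Keywords: deep belief network; intrusion detection; false alarm elimination; particle swarm
  • English keywords: Deep belief network (DBN); Intrusion detection; False alarm elimination; Particle swarm
  • Chinese journal title: JSJZ
  • English journal title: Computer Simulation
  • Institutions: National Digital Switching System Engineering & Technological R&D Center; PLA Information Engineering University
  • Publication date: 2019-02-15
  • Publisher: Computer Simulation (计算机仿真)
  • Year: 2019
  • Issue: v.36
  • Funding: National Key R&D Program of China (2017YFB0803201); Cyberspace Security Special Project (2017YFB0803204); Shanghai Municipal Science and Technology Commission Research Program (16DZ1120503); Henan Province Science and Technology Research Program (162102210034)
  • Language: Chinese
  • Page: JSJZ201902053
  • Number of pages: 6
  • CN: 02
  • ISSN: 11-3724/TP
  • Classification number: 255-259+264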
Abstract
In a massive-data environment, the false alarm data produced by an intrusion detection system greatly interferes with the analysis of attack events. To address the large number of false alarms in intrusion detection, the paper proposes a fitness evaluation criterion that combines false alarm elimination indicators with the DBN network structure. Based on this criterion, it proposes an improved PSO algorithm that searches for the optimal DBN network structure, and applies the resulting DBN to intrusion detection to improve the efficiency of the intrusion detection system. The experimental results show that the average elimination rate of the DBN built by this algorithm is 16.78% and 11.61% higher than those of the improved FCM and improved K-means algorithms, respectively, and that its average false elimination rate is 6.475% and 3.142% lower than those of the improved FCM and improved K-means algorithms, respectively, indicating a good false alarm elimination effect.
