基于FSVM的数据挖掘方法及其在入侵检测中的应用研究
|
摘要
随着网络技术的发展和应用范围的扩大,人们越来越依赖于网络进行信息处理,信息系统已成为国家持续发展的基础设施,网络安全也就成为国家与国防安全的重要组成部分。入侵检测是继防火墙、VPN、加密等传统安全防护技术之后的新一代信息安全积极主动的防御技术,它提供了对内部攻击、外部攻击和误操作的实时保护,在网络系统受到危害之前拦截和响应入侵,有效地弥补了传统静态防御技术的不足,已成为信息技术的一个重要研究方向。因为入侵检测需要处理大量数据,以从中发现入侵行为,利用数据挖掘技术能够从大量数据中发现特征和模式,从而有效地锁定相关入侵行为。
本文的主要研究工作有:提出了一种适合于入侵检测数据的分步特征选择算法,首先利用ReliefF算法删除不相关特征,然后利用KNN算法删除冗余特征,解决了传统ReliefF方法无法取出冗余特征的问题;结合传统的类中心距离隶属度函数和KNN算法思想,给出了一种加权隶属度函数,解决了传统的基于类中心距离隶属度确定方法中无法有效区分支持向量与噪声孤立点的问题;结合支持向量机和模糊支持向量机的优点,在支持向量机中引入了模糊因子,并说明了基于模糊支持向量机的入侵检测算法。
With the development of network technology and the expansion of the scope of application,people rely more and more on network information processing. Information systems have becomean infrastructure of a country and network security, which has become an important component ofthe national security. Following the firewall, VPN, encryption and other traditional securityprotection technology, Intrusion Detect System (IDS) becomes an important security inspectionapproach. It supports the protection of computer system against the external and internal intrusionand real-time protection. Intercept and response to the invasion before being harm to the networkcan make up for the deficiency of the traditional static defense technology, the intrusion detectiontechnology has become an important research direction of the information technology. Theintrusion detection need to deal with large amounts of data in order to find the invasion behavior,using data mining technology to found in features and pattern from a large number of data, so asto effectively lock related invasion of behavior.
This thesis proposes a new feature selection algorithm for intrusion detection data. Firstly,we remove irrelevant features using ReliefF algorithm, then remove the redundant features usingKNN algorithm, so we solve the problem of the traditional ReliefF that cannot remove redundantfeatures. Then a new weighted membership function is given based on class center distance andthe KNN algorithm to distinguish support vector and the noises more effectively. Finally,considering the advantages of support vector machines and fuzzy support vector machine, webring in fuzzy factors in the support vector machine, and illustrate the intrusion detectionalgorithm that based on the fuzzy support vector machine.
本文的主要研究工作有:提出了一种适合于入侵检测数据的分步特征选择算法,首先利用ReliefF算法删除不相关特征,然后利用KNN算法删除冗余特征,解决了传统ReliefF方法无法取出冗余特征的问题;结合传统的类中心距离隶属度函数和KNN算法思想,给出了一种加权隶属度函数,解决了传统的基于类中心距离隶属度确定方法中无法有效区分支持向量与噪声孤立点的问题;结合支持向量机和模糊支持向量机的优点,在支持向量机中引入了模糊因子,并说明了基于模糊支持向量机的入侵检测算法。
With the development of network technology and the expansion of the scope of application,people rely more and more on network information processing. Information systems have becomean infrastructure of a country and network security, which has become an important component ofthe national security. Following the firewall, VPN, encryption and other traditional securityprotection technology, Intrusion Detect System (IDS) becomes an important security inspectionapproach. It supports the protection of computer system against the external and internal intrusionand real-time protection. Intercept and response to the invasion before being harm to the networkcan make up for the deficiency of the traditional static defense technology, the intrusion detectiontechnology has become an important research direction of the information technology. Theintrusion detection need to deal with large amounts of data in order to find the invasion behavior,using data mining technology to found in features and pattern from a large number of data, so asto effectively lock related invasion of behavior.
This thesis proposes a new feature selection algorithm for intrusion detection data. Firstly,we remove irrelevant features using ReliefF algorithm, then remove the redundant features usingKNN algorithm, so we solve the problem of the traditional ReliefF that cannot remove redundantfeatures. Then a new weighted membership function is given based on class center distance andthe KNN algorithm to distinguish support vector and the noises more effectively. Finally,considering the advantages of support vector machines and fuzzy support vector machine, webring in fuzzy factors in the support vector machine, and illustrate the intrusion detectionalgorithm that based on the fuzzy support vector machine.
引文
[1]王文胜,王润华,朱甫臣等.信息安全与保密:现代与未来战争的信息卫[M].北京:国防工业出版社, 2008.
[2] Takuya Inoue, Shigeo Abe. Fuzzy Support Vector Machines for Pattern Classification[C]. IEEEProceedings of International Joint Conference on Neural Networks,July 2001:1449-1454.
[3] A.B.A. Graf, A.J. Smola, S. Borer. Classification in a normalized feature space using supportvector machines[J]. IEEE Transactions on Neural Networks, 2003, 14(3):597-605.
[4] Weston J. Watkins C. Multi-class Support Vector Machines[C]. Proceedings of ESANN 99,M.Verleysen, Brussels, Belgium, 1999:1-10.
[5] Ying Tan, Jun Wang. A Support Vector Machine with a Hybrid Kernel and MinimalVapnik-Chervonenkis Dimension[C]. IEEE Transactions on Knowledge and Data Engineering,April 2004, 16(4):385-395.
[6]高隽.人工神经网络原理及仿真实例[M].北京:机械工业出版社, 2007.
[7] C.F. Lin, S.D. Wang, Fuzzy support vector machines[J], IEEE Transactions on Neural Networks,March 2002, 13(2):464-471.
[8] Takuya Inoue, Shigeo Abe. Fuzzy Support Vector Machines for Pattern Classification[C]. IEEEProceedings of International Joint Conference on Neural Networks,July 2001:1449-1454.
[9]张桂香,费岚,杜喆.基于类内超平面的模糊支持向量机[J].计算机工程与设计, 2008,29(12):3177-3178+3207.
[10]杨义先,钮心忻.入侵检测理论与技术[M].北京:高等教育出版社, 2006.
[11] Chih-Cheng Yang, Wan-Judi Lee, Shie-Jue Lee,“Learning of Kernel Functions in SupportVector Machines”, 2006 International Joint Conference on Neural Networks Sheraton VancouverWall Centre Hotel, Vancouver, BC, Canada, July16-21, 2006:1150-1155
[12] Joanna Czajkowska, Marcin Rudzki, Zbigniew Czajkowski. A New Fuzzy Support VectorsMachine for Biomedical Classification[C]. 30th Annual International IEEE EMBS ConferenceVancouver, British Columbia, Canada, August 20-24, 2008:4476-4479.
[13] Hao Tang, Liang Sheng. Fuzzy Support Vector Machine With a New Fuzzy MembershipFunction for Pattern Classification[C], Proceedings of the Seventh ICMLC, Kunming, July 2008:768-773.
[14] Hong Xia. Feature Selection based on Fuzzy SVM[C]. Fifth International Conference on FuzzySystems and Knowledge Discovery, 2008:586-589.
[15] Xuehua Li, Lan Shu. Fuzzy Theory Based Support Vector Machine Classifier[C], FifthInternational Conference on Fuzzy Systems and Knowledge Discovery, 2008: 600-605.
[16] Bai-Xing li, Qian Xu. Medical Image Classification based on Fuzzy Support VectorMachines[C]. 2008 International Conference on Intelligent Computation Technology andAutomation, 2008:145-149.
[17]安金龙,王正欧,马振平.基于密度法的模糊支持向量机[J].天津大学学报, 2004, 37(6):544-548,
[18]胡昌振.网络入侵检测原理与技术[M]北京:北京理工大学出版社. 2010
[19] P.S. Hiremath, Prabhakar C.J , A New Kernel function to extract Non Linear Interval typeFeatures Using Symbolic Kernel Fisher Discriminant Method with Application to Face Recognition,IEEE International Symposium on Biometrics and Security Technologies, ISBAST 2008. 2008:1-7
[20]李雷,周蒙蒙,鲁延玲.基于密度法的双隶属度模糊支持向量机[J],计算机技术与发展,2009(12):44-46
[21]何军,刘红岩,杜小勇.挖掘多关系关联规则.软件学报. 2007, 18(11):2752-2765.
[22] Margaret H. Dunham.数据挖掘教程[M].北京:清华大学出版社, 2005.
[23] Liu H, Yu L. Towards integrating feature selection algorithms for classification andclustering[J]. IEEE Trans on Knowledge and Data Engineering, 2005,17(4):491-502.
[24] Pabitra Miltra. Unsupervised Feature Selection Using Feature Similarity. IEEETRANSACTIONS ON PATTERN ANALYSIS AND MACHINE INTELLIGENCE, March 2002,24(3): 301-312
[25] Liu H, Yu L. Towards integrating feature selection algorithms for classification andclustering[J]. IEEE Trans on Knowledge and Data Engineering, 2005, 17(4):491-502.
[26] Dash, M. Choi, K. Scheuermann, P. Huan Liu. Feature selection for clustering-a filter solution.Proceedings. IEEE International Conference on Data Mining, 2002:115-122.
[27] Hong Xia. Feature Selection based on Fuzzy SVM. The Fifth International Conference onFuzzy Systems and Knowledge Discovery. 2008:586-589.
[28]曹元大.入侵检测技术[M].北京:人民邮电出版社. 2007.
[29] Anderson J P. Computer security threat monitoring and surveillance. Technical Report, James PAnderson Co., Fort Washington, Pennsylvania, 1980(4).
[30] C.F. Lin, S.D. Wang, Fuzzy support vector machines[J], IEEE Transactions on NeuralNetworks, March 2002, 13(2): 464-471.
[31] V.N. Vapnik. The Nature of Statistical Learning Theory[M]. Springer-Verlag, New York. 1995:5-13.
[32] V.N. Vapnik. Statistical learning theory[M]. Wiley, New York, 1998.
[33] V.N. Vapnik. An Overview of Statistical Learning Theory[J]. IEEE Transactions on NeuralNetworks, 1999, 10(5):988-999.
[34] Vladimir N. Vapnik.统计学习理论的本质[M].北京:清华大学出版社, 2003.
[35] T. Inoue, S. Abe, Fuzzy support vector machines for pattem classification, International JointConference on Neural Networks. July 2001:1449-1454.
[36] Xuehua Li, LanShu, Fuzzy Theory Based Support Vector Machine Classifier, The FifthInternational Conference on Fuzzy Systems and Knowledge Discovery. 2008:600-604.
[37] Bai-Xing li, Qian Xu. Medical Image Classification based on Fuzzy Support Vector Machines,2008 International Conference on Intelligent Computation Technology and Automation,2008:145-149.
[2] Takuya Inoue, Shigeo Abe. Fuzzy Support Vector Machines for Pattern Classification[C]. IEEEProceedings of International Joint Conference on Neural Networks,July 2001:1449-1454.
[3] A.B.A. Graf, A.J. Smola, S. Borer. Classification in a normalized feature space using supportvector machines[J]. IEEE Transactions on Neural Networks, 2003, 14(3):597-605.
[4] Weston J. Watkins C. Multi-class Support Vector Machines[C]. Proceedings of ESANN 99,M.Verleysen, Brussels, Belgium, 1999:1-10.
[5] Ying Tan, Jun Wang. A Support Vector Machine with a Hybrid Kernel and MinimalVapnik-Chervonenkis Dimension[C]. IEEE Transactions on Knowledge and Data Engineering,April 2004, 16(4):385-395.
[6]高隽.人工神经网络原理及仿真实例[M].北京:机械工业出版社, 2007.
[7] C.F. Lin, S.D. Wang, Fuzzy support vector machines[J], IEEE Transactions on Neural Networks,March 2002, 13(2):464-471.
[8] Takuya Inoue, Shigeo Abe. Fuzzy Support Vector Machines for Pattern Classification[C]. IEEEProceedings of International Joint Conference on Neural Networks,July 2001:1449-1454.
[9]张桂香,费岚,杜喆.基于类内超平面的模糊支持向量机[J].计算机工程与设计, 2008,29(12):3177-3178+3207.
[10]杨义先,钮心忻.入侵检测理论与技术[M].北京:高等教育出版社, 2006.
[11] Chih-Cheng Yang, Wan-Judi Lee, Shie-Jue Lee,“Learning of Kernel Functions in SupportVector Machines”, 2006 International Joint Conference on Neural Networks Sheraton VancouverWall Centre Hotel, Vancouver, BC, Canada, July16-21, 2006:1150-1155
[12] Joanna Czajkowska, Marcin Rudzki, Zbigniew Czajkowski. A New Fuzzy Support VectorsMachine for Biomedical Classification[C]. 30th Annual International IEEE EMBS ConferenceVancouver, British Columbia, Canada, August 20-24, 2008:4476-4479.
[13] Hao Tang, Liang Sheng. Fuzzy Support Vector Machine With a New Fuzzy MembershipFunction for Pattern Classification[C], Proceedings of the Seventh ICMLC, Kunming, July 2008:768-773.
[14] Hong Xia. Feature Selection based on Fuzzy SVM[C]. Fifth International Conference on FuzzySystems and Knowledge Discovery, 2008:586-589.
[15] Xuehua Li, Lan Shu. Fuzzy Theory Based Support Vector Machine Classifier[C], FifthInternational Conference on Fuzzy Systems and Knowledge Discovery, 2008: 600-605.
[16] Bai-Xing li, Qian Xu. Medical Image Classification based on Fuzzy Support VectorMachines[C]. 2008 International Conference on Intelligent Computation Technology andAutomation, 2008:145-149.
[17]安金龙,王正欧,马振平.基于密度法的模糊支持向量机[J].天津大学学报, 2004, 37(6):544-548,
[18]胡昌振.网络入侵检测原理与技术[M]北京:北京理工大学出版社. 2010
[19] P.S. Hiremath, Prabhakar C.J , A New Kernel function to extract Non Linear Interval typeFeatures Using Symbolic Kernel Fisher Discriminant Method with Application to Face Recognition,IEEE International Symposium on Biometrics and Security Technologies, ISBAST 2008. 2008:1-7
[20]李雷,周蒙蒙,鲁延玲.基于密度法的双隶属度模糊支持向量机[J],计算机技术与发展,2009(12):44-46
[21]何军,刘红岩,杜小勇.挖掘多关系关联规则.软件学报. 2007, 18(11):2752-2765.
[22] Margaret H. Dunham.数据挖掘教程[M].北京:清华大学出版社, 2005.
[23] Liu H, Yu L. Towards integrating feature selection algorithms for classification andclustering[J]. IEEE Trans on Knowledge and Data Engineering, 2005,17(4):491-502.
[24] Pabitra Miltra. Unsupervised Feature Selection Using Feature Similarity. IEEETRANSACTIONS ON PATTERN ANALYSIS AND MACHINE INTELLIGENCE, March 2002,24(3): 301-312
[25] Liu H, Yu L. Towards integrating feature selection algorithms for classification andclustering[J]. IEEE Trans on Knowledge and Data Engineering, 2005, 17(4):491-502.
[26] Dash, M. Choi, K. Scheuermann, P. Huan Liu. Feature selection for clustering-a filter solution.Proceedings. IEEE International Conference on Data Mining, 2002:115-122.
[27] Hong Xia. Feature Selection based on Fuzzy SVM. The Fifth International Conference onFuzzy Systems and Knowledge Discovery. 2008:586-589.
[28]曹元大.入侵检测技术[M].北京:人民邮电出版社. 2007.
[29] Anderson J P. Computer security threat monitoring and surveillance. Technical Report, James PAnderson Co., Fort Washington, Pennsylvania, 1980(4).
[30] C.F. Lin, S.D. Wang, Fuzzy support vector machines[J], IEEE Transactions on NeuralNetworks, March 2002, 13(2): 464-471.
[31] V.N. Vapnik. The Nature of Statistical Learning Theory[M]. Springer-Verlag, New York. 1995:5-13.
[32] V.N. Vapnik. Statistical learning theory[M]. Wiley, New York, 1998.
[33] V.N. Vapnik. An Overview of Statistical Learning Theory[J]. IEEE Transactions on NeuralNetworks, 1999, 10(5):988-999.
[34] Vladimir N. Vapnik.统计学习理论的本质[M].北京:清华大学出版社, 2003.
[35] T. Inoue, S. Abe, Fuzzy support vector machines for pattem classification, International JointConference on Neural Networks. July 2001:1449-1454.
[36] Xuehua Li, LanShu, Fuzzy Theory Based Support Vector Machine Classifier, The FifthInternational Conference on Fuzzy Systems and Knowledge Discovery. 2008:600-604.
[37] Bai-Xing li, Qian Xu. Medical Image Classification based on Fuzzy Support Vector Machines,2008 International Conference on Intelligent Computation Technology and Automation,2008:145-149.