A Feature Transformation Method Based on Extension Distance and Its Application in Network Intrusion Detection
Abstract:
Network intrusion detection is an important step in identifying attacks and abnormal behavior to protect network security, and it is often combined with data mining or machine learning techniques. With the explosive growth of network data, traditional intrusion detection techniques face the problem of detecting and processing massive volumes of data, and existing intrusion detection systems often struggle to meet real-time and effectiveness requirements at the same time. This paper introduces the concept of extension distance from Extenics into network intrusion detection research and proposes a feature transformation method based on extension distance. The method maps the original features of each data point into two parts, the center distance out of the cluster and the extension distance in the cluster, generating new features from the multidimensional features of the original data in order to reduce feature dimensionality, with the aim of satisfying both the real-time and the effectiveness requirements of a network intrusion detection system. The KDD CUP 99 data set is used as the simulation data set to test the proposed extension-distance-based method as a feature transformation for network intrusion detection. The experimental results show that, compared with the traditional KNN algorithm, the extension-distance-based method clearly reduces detection time, while the decrease in detection rate can be kept within 1%, giving it a good advantage in timeliness.
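Authors:
Xu Hui (徐慧), Liu Xiang (刘翔), Fang Ce (方策), Zong Xinlu (宗欣露)
Affiliation:
School of Computer Science, Hubei University of Technology
Source:
[…] Journal (Natural Science Edition); indexed in CAS and the Peking University Core Journals list; 2017, No. 5, pp. 101-107 (7 pages)
Funding:
National Natural Science Foundation of China (61602162, 61440024, 61502155); Hubei University of Technology Doctoral Research Start-up Fund Program (BSQD12029)
Keywords:
network intrusion detection; feature transformation; Extenics; center distance out of the cluster; extension distance in the cluster
Classification number:
TP393.08 [Automation and Computer Technology: Computer Application Technology]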