Method for intrusion detection based on negative selection and information gain

An information gain and intrusion detection technology, applied in the field of network security, can solve the problems of low positive detection rate, unstable detection effect, and high false alarm rate, and achieve the effect of good detection effect and stable detection effect.

Inactive Publication Date: 2011-08-24
XIDIAN UNIV
View PDF2 Cites 6 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0008] The detection effect of NSA mainly depends on the coverage effect of the generated detector on the abnormal area. When the data in the self-set is high-dimensional, it is difficult to achieve satisfactory coverage effect.
Since the ne

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for intrusion detection based on negative selection and information gain
  • Method for intrusion detection based on negative selection and information gain
  • Method for intrusion detection based on negative selection and information gain

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0027] refer to figure 1 , the specific implementation steps of the present invention are as follows:

[0028] Step 1. Read the normal network data from the KDD99 training data set as the self-pattern set. During the reading process, assign a radius r to each self-pattern s , the radius is constant.

[0029] Step 2, transform, normalize and discretize the data in the read-in self-pattern set.

[0030] (2a) Each piece of data read has 41 dimensional features, 3 of which are text features. For a certain dimensional text feature, the various types it contains are assigned integer values ​​in turn, and then converted into numerical features, using protocol_type Take this dimension as an example. It has three different types: TCP, UDP, and ICMP. Assign values ​​1, 2, and 3 to these three types in turn to realize the conversion from text features to numerical features. The remaining two-dimensional text features follow this method. transformation;

[0031] (2b) Normalize the con...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method for intrusion detection base on negative selection and information gain, which mainly aims to solve the problems of poor effects and instability of the conventional negative selection algorithm (NSA) method. The method is implemented by the following steps of: (1) reading a self-mode set in; (2) performing conversion, normalization and discretization processing on data in the read-in self-mode set; (3) calculating the information gain of characteristics of 41 dimensions of the processed data; (4) selecting the characteristics of former N dimensions with higher information gain values according to calculated information gain value results, forming the self-mode set by using the data in the characteristics of the N dimensions, and training the formed self-mode set to generate a detector set; and (5) detecting the data in a test set by utilizing the generated detector set. The method has the advantages of high accurate detection rate, low rate of false alarm and capability of achieving satisfactory detection effects even with relatively less training data, and can be used for timely identifying abnormal network data and ensuring network security.

Description

technical field [0001] The invention belongs to the field of network security, and relates to a network data anomaly detection method, which can be used for network data analysis, identify abnormal network data in time, and expand unknown virus patterns to better ensure network security. Background technique [0002] With the development of the Internet, the problem of network security has attracted more and more attention. This is mainly because the Internet is an open system, and all users can conduct research on the system and ask questions, which raises many questions about security. Quite a lot of security issues have also occurred on the Internet, making security issues more concerned by everyone. When it comes to network security, many people think of firewalls first. As a static access control security product, firewalls usually use packet filtering technology to isolate networks. Although a properly configured firewall can block unexpected access requests, it cann...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06
Inventor 公茂果焦李成张建刘芳马文萍马晶晶方玲芬王彦涛段婷婷
Owner XIDIAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products