Intrusion detection method based on observational learning

An observational-learning intrusion detection technology, applied in the field of pattern recognition and machine learning. It addresses the problems that unlabeled data is not used effectively, that the performance of the selected algorithm is not necessarily the best, and that the selection process is lengthy and tedious, so as to improve classifier performance and overall performance, with a confidence-enhancing effect.

Inactive Publication Date: 2012-10-10
XIDIAN UNIV
3 Cites, 19 Cited by

AI Technical Summary

Problems solved by technology

However, just like general machine learning problems, semi-supervised learning also suffers from the problem of "selective superiority", that is, each method shows better performance in some domains, but not all domains.
Thus, a dilemma arises: which method should be used for a given application task? If you want to select the algorithm with the best performance, the selection process is tedious; if you want the selection process to be simple, the performance of the selected algorithm may not be the best.
Based on this idea, people have proposed many intrusion detection methods, but most of the existing methods have defects of varying degrees, such as high false positive rate, high false negative rate, etc., and most of them have not effectively utilized a large number of unlabeled data. The same problem exists in pure observation learning.

Examples

Embodiment 1

[0041] The invention is an intrusion detection method based on observation learning, that is, an intrusion detection method based on SSELOLA (Semi-Supervised Ensemble Learning Based Observational Learning Algorithm).

[0042] The data used in the present invention is taken from a labeled data set for anomaly detection provided by DARPA for the KDD (Knowledge Discovery and Data Mining) competition in 1999, referred to as KDDCUP99. The data set includes 5 million training records and 3 million test records. The data includes four types of attacks: DoS (Denial of Service Attack), R2L (Unauthorized Remote Access), U2R (Illegal Access to Local Super Users) and Probe (scan and probe); the rest is normal data. The present invention uses 13 of the 41 attributes: since many of these user behavior features are redundant, only 13 of them are selected to simplify the problem.

[0043] The present invention selects all 52 pieces of data in the U2L set and marks them as the fifth category. Fr...

Embodiment 2

[0062] The method of intrusion detection based on observation learning is the same as in Example 1. Taking 50% of the marked data in the training set of KDDCUP99 as an example (see Figure 2), the implementation process of the intrusion detection method based on SSELOLA is as follows:

[0063] Input: an unlabeled data set X_u containing 147 data, a labeled data set X_l containing 146 data, and a test set T containing 2959 data.

[0064] Output: the classification error rate on the test set T.

[0065] (1) Select the back-propagation neural network algorithm with 10, 20, 30, 40 and 50 hidden units respectively; the resulting five algorithms are denoted L_1, L_2, L_3, L_4, L_5.

[0066] (2) For the retrieved unlabeled data set X_u containing 147 data, the labeled data set (initial training set) X_l containing 146 data, the test set T containing 2959 data and the five learning algorithms L_1, L_2, L_3, L_4, L_5, and with reference to Figure 2, algorithms L_1~L_5 are each used on X_l to perform train...

Embodiment 3

[0075] The method of intrusion detection based on observation learning is the same as in Examples 1-2. Taking 20% of the marked data in the training set of KDDCUP99 as an example (see Figure 3), the specific process is as follows:

[0076] Take 59 data into the labeled data set, take 234 data into the unlabeled data set, and put the remaining data into the test set. On the labeled data set, five back-propagation neural network learning algorithms are each used for training, and five classifiers are obtained. Each one of the five classifiers, L, observes and learns from the outputs of the other four classifiers on the unlabeled data added each time, and a majority vote over these outputs yields a new labeled data set. This set is then added to the training data set of that classifier, and the same data is removed from the corresponding unlabeled data set. The classifier is then retrained on the new training data set, and then continues to obser...
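The observe, vote and retrain loop of Embodiments 2 and 3, written in Python as an added example (not code from the patent). Assumptions not stated in the visible text: constructed two-class data stands in for KDDCUP99, and the batch size, epochs, learning rate, retraining from scratch, tie-breaking and the final ensemble majority vote are illustrative choices.

```python
import math, random
from collections import Counter

class BPNet:  # one-hidden-layer back-propagation net: tanh hidden units, softmax output
    def __init__(self, n_in, n_hidden, n_out=2):
        r = random.Random(n_hidden)  # fixed seed per network size, for repeatable runs
        self.w1 = [[r.uniform(-.5, .5) for _ in range(n_in + 1)] for _ in range(n_hidden)]
        self.w2 = [[r.uniform(-.5, .5) for _ in range(n_hidden + 1)] for _ in range(n_out)]
    def forward(self, x):
        h = [math.tanh(sum(w * v for w, v in zip(ws, x + [1.0]))) for ws in self.w1]
        z = [sum(w * v for w, v in zip(ws, h + [1.0])) for ws in self.w2]
        e = [math.exp(v - max(z)) for v in z]
        return h, [v / sum(e) for v in e]
    def fit(self, data, epochs=20, lr=0.05):
        for _ in range(epochs):
            for x, t in data:
                h, p = self.forward(x)
                d2 = [pk - (k == t) for k, pk in enumerate(p)]  # output-layer error
                d1 = [(1 - a * a) * sum(d * row[j] for d, row in zip(d2, self.w2))
                      for j, a in enumerate(h)]                 # error propagated back
                for deltas, rows, inp in ((d2, self.w2, h), (d1, self.w1, x)):
                    for d, row in zip(deltas, rows):
                        for j, v in enumerate(inp + [1.0]):
                            row[j] -= lr * d * v
        return self
    def predict(self, x):
        return max(enumerate(self.forward(x)[1]), key=lambda kv: kv[1])[0]

def majority(labels):
    return Counter(labels).most_common(1)[0][0]  # a tie goes to the label seen first

def sselola(X_l, y_l, X_u, hidden=(10, 20, 30, 40, 50), batch=12):
    sets = [list(zip(X_l, y_l)) for _ in hidden]           # one training set per classifier
    nets = [BPNet(len(X_l[0]), h).fit(s) for h, s in zip(hidden, sets)]
    for chunk in (X_u[s:s + batch] for s in range(0, len(X_u), batch)):
        out = [[net.predict(x) for x in chunk] for net in nets]
        for i, h in enumerate(hidden):                      # classifier i observes the others
            others = [o for j, o in enumerate(out) if j != i]
            sets[i].extend(zip(chunk, map(majority, zip(*others))))
            nets[i] = BPNet(len(X_l[0]), h).fit(sets[i])    # retrain on the enlarged set
    return nets, sets

def error_rate(nets, X_t, y_t):  # assumed: final decision is the ensemble's majority vote
    return sum(majority([n.predict(x) for n in nets]) != t for x, t in zip(X_t, y_t)) / len(X_t)

def demo(seed=1):  # constructed two-class data (0 = normal, 1 = attack), not KDDCUP99
    r = random.Random(seed)
    X, y = zip(*[([r.gauss(2.0 * (i % 2), 0.5) for _ in range(4)], i % 2) for i in range(76)])
    nets, sets = sselola(X[:12], y[:12], X[12:36])
    return error_rate(nets, X[36:], y[36:]), [len(s) for s in sets]
```

`demo()` returns the ensemble error rate on the constructed test split and the final size of each classifier's training set. Because every pseudo-label comes from the other classifiers' vote, a wrong majority is learned as if it were ground truth, so the quality of the initial labeled set bounds what the loop can recover.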

Abstract

The invention discloses an intrusion detection method based on observational learning. The method combines observational learning with semi-supervised ensemble learning: in network data detection, each individual classifier observes the outputs of the other classifiers on an unlabeled data set, labels the unlabeled data with their ensemble result to form a labeled data set, and adds that labeled data set to the original labeled data set to train the classifier again. The unlabeled data is thus fully used and converted into labeled data to further improve the performance of the classifiers, and the method also has a good detection effect when only a small amount of labeled data is available. Each classifier generates virtual data by itself, without any external help, during the learning process; the virtual data and the initial data set are trained on, re-observed and re-trained together, and the identification performance of the detection system is effectively improved. The method can be extended to other applications that must process a large amount of unlabeled training data, such as medical images, web page classification, remote sensing image processing, face identification, and the like.

Description

Technical field

[0001] The invention belongs to the technical field of pattern recognition and machine learning, and relates to an intrusion detection method based on observation learning, which can be used to further improve the recognition rate of the detection system when there is only a small amount of labeled data. The proposed intrusion detection method can be extended to application fields with less labeled data but more unlabeled data, such as medical image processing, web page classification, remote sensing image processing, face recognition, etc.

Background technique

[0002] In the real world, there are many problems that require obtaining a large amount of labeled data to train high-precision classifiers, but the acquisition of labeled data is very difficult, and even consumes a lot of manpower and material resources. However, with the rapid development of data collection and storage technolo...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06K9/62
Inventor: 杨利英, 仲珊丽, 李菲
Owner: XIDIAN UNIV