Intrusion detection method based on observational learning

An intrusion detection technology based on observation learning, applied in the field of pattern recognition and machine learning. It addresses the problems that unlabeled data is not used effectively, that the selected algorithm's performance is not necessarily the best, and that the selection process is tedious, so as to improve classifier performance, improve overall performance, and enhance confidence.

Inactive Publication Date: 2014-12-17
XIDIAN UNIV

AI Technical Summary

Problems solved by technology

However, just like general machine learning problems, semi-supervised learning also suffers from the problem of "selective superiority", that is, each method shows better performance in some domains, but not all domains.
Thus, a dilemma arises: which method should be used for a given application task? Selecting the best-performing algorithm makes the selection process tedious; keeping the selection process simple means the selected algorithm may not perform best.
Based on this idea, people have proposed many intrusion detection methods, but most existing methods have defects of varying degrees, such as a high false positive rate or a high false negative rate, and most of them do not make effective use of the large amount of unlabeled data. The same problem exists in pure observation learning.


Examples


Embodiment 1

[0041] The invention is an intrusion detection method based on observation learning, that is, an intrusion detection method based on SSELOLA (Semi-Supervised Ensemble Learning Based Observational Learning Algorithm).

[0042] The data used in the present invention is taken from a marked anomaly detection data set, abbreviated KDDCUP99, provided by DARPA for the KDD (Knowledge Discovery and Data Mining) competition in 1999. The data set includes 5 million training sets and 3 million test sets. The data includes four types of attacks: DoS (denial of service attack), R2L (unauthorized remote access), U2R (unauthorized access to local super users) and Probe (scanning and detection); all other data is normal. The present invention uses 13 of the 41 attributes: since many of the user behavior features are redundant, only 13 of them are selected to reflect user behavior, in order to simplify the problem.

[0043] The present invention selects all 52 pieces of data in the ...

Embodiment 2

[0062] The intrusion detection method based on observation learning is the same as in Embodiment 1. Taking 50% of the marked data in the training set of KDDCUP99 as an example (see Figure 2), the implementation process of the intrusion detection method based on SSELOLA is as follows:

[0063] Input: an unlabeled dataset $X_u$ containing 147 data, a labeled dataset $X_l$ containing 146 data, a test set $T$ containing 2959 data.

[0064] Output: Classification error rate on the test set T.

[0065] (1) Select backpropagation neural network algorithms with 10, 20, 30, 40 and 50 hidden units; the five algorithms are denoted $L_1$, $L_2$, $L_3$, $L_4$, $L_5$.

[0066] (2) For the extracted unlabeled data set $X_u$ containing 147 data, a labeled dataset $X_l$ containing 146 data (initial training set), a test set $T$ containing 2959 data and five learning algorithms $L_1$, $L_2$, $L_3$, $L_4$, $L_5$, combined with Figure 2 to $X_l$ Algorithm $L_1$ ~ $L_5$ Perf...

Embodiment 3

[0075] The intrusion detection method based on observation learning is the same as in Embodiments 1-2. Taking the case where the marked data in the training set of KDDCUP99 accounts for 20% as an example (see Figure 3), the specific process is as follows:

[0076] Take out 59 data for the marked data set, take out 234 data for the unmarked data set, and put the remaining data into the test set. Five backpropagation neural network learning algorithms are trained on the labeled data set, yielding five classifiers. For one classifier L among these five classifiers, observe the outputs of the other four classifiers on each added unlabeled data set, and perform a majority vote over these outputs to obtain a new labeled data set. Add it to the training data set corresponding to that classifier, and remove this set of data from the corresponding unlabeled data set. Then use the new training data set to retrain the corresponding classifier, and then continue to ...
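The peer-voting loop of Embodiments 2 and 3, as an added example that is not code from the patent: five k-NN learners with k = 1, 3, 5, 7, 9 stand in for the five backpropagation networks so the sketch needs only the standard library. The two-feature records, batch size, tie rule and final ensemble vote are assumptions constructed for illustration.

```python
import random
from collections import Counter

KS = (1, 3, 5, 7, 9)  # five k-NN learners stand in for the five BP networks (assumption)

def knn_predict(train, x, k):
    """Label x by majority vote among its k nearest labeled records."""
    near = sorted(train, key=lambda s: (s[0][0] - x[0]) ** 2 + (s[0][1] - x[1]) ** 2)[:k]
    return Counter(lbl for _, lbl in near).most_common(1)[0][0]

def observational_learning(labeled, unlabeled, batch=20):
    """Each learner extends its own training set with labels voted by its four peers."""
    train = [list(labeled) for _ in KS]   # per-learner training set
    pool = [list(unlabeled) for _ in KS]  # per-learner unlabeled set
    while any(pool):
        snap = [list(t) for t in train]   # peers observed as of round start (assumption)
        for i in range(len(KS)):
            chunk, pool[i] = pool[i][:batch], pool[i][batch:]
            for x in chunk:
                votes = [knn_predict(snap[j], x, k) for j, k in enumerate(KS) if j != i]
                # A 2-2 tie takes the first label seen (assumption); storing = k-NN retraining.
                train[i].append((x, Counter(votes).most_common(1)[0][0]))
    return train

def ensemble_error(train, test):
    """Error rate of the five learners' majority vote on labeled test records."""
    wrong = 0
    for x, y in test:
        votes = [knn_predict(t, x, k) for t, k in zip(train, KS)]
        wrong += Counter(votes).most_common(1)[0][0] != y
    return wrong / len(test)

def make_data(n, rng):
    """Constructed 2-feature records: 'normal' near (0, 0), 'attack' near (3, 3)."""
    labels = [rng.choice(["normal", "attack"]) for _ in range(n)]
    centre = {"normal": 0.0, "attack": 3.0}
    return [((rng.gauss(centre[y], 1.0), rng.gauss(centre[y], 1.0)), y) for y in labels]

def demo(seed=7):
    rng = random.Random(seed)
    labeled = make_data(59, rng)                      # set sizes from Embodiment 3
    unlabeled = [x for x, _ in make_data(234, rng)]   # true labels discarded
    test = make_data(300, rng)                        # constructed test set
    before = ensemble_error([labeled] * len(KS), test)
    train = observational_learning(labeled, unlabeled)
    return before, ensemble_error(train, test), [len(t) for t in train]

if __name__ == "__main__":
    print(demo())
```

`demo()` returns the ensemble error rate before and after the unlabeled records are absorbed, plus each learner's final training-set size.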

Abstract

The invention discloses an intrusion detection method based on observational learning. The method combines observational learning with semi-supervised ensemble learning: in network data detection, each individual classifier observes the outputs of the other classifiers on an unlabeled data set, the unlabeled data is labeled with the ensemble result to form a labeled data set, and this labeled data set is added to the original labeled data set to train the classifier again. The method makes full use of the unlabeled data, converting it into labeled data to further improve the performance of the classifiers, and it also achieves a good detection effect when only a small amount of labeled data is available. During learning, each classifier generates virtual data by itself without any external help; the virtual data and the initial data set are trained, re-observed and re-trained together, which effectively improves the identification performance of the detection system. The intrusion detection method can be extended to other applications that process a large amount of unlabeled training data, such as medical images, web page classification, remote sensing image processing and face identification.

Description

Technical field

[0001] The invention belongs to the technical field of pattern recognition and machine learning, and relates to an intrusion detection method based on observation learning, in particular to an intrusion detection method based on observation learning, which can be used to further improve the recognition rate of a detection system when there is only a small amount of marked data. The proposed intrusion detection method can be extended to applications with less labeled data and more unlabeled data, such as medical image processing, webpage classification, remote sensing image processing, face recognition, etc.

Background technique

[0002] In the real world, there are many problems that require a large amount of labeled data to train high-precision classifiers, but it is very difficult to obtain labeled data, and even consumes a lot of manpower and material resources. However, with the rapid development of data collection and storage technology, the acquisitio...

Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): G06K9/62
Inventor: 杨利英, 仲珊丽, 李菲
Owner: XIDIAN UNIV