Classification method applicable for intrusion detection

A technology of intrusion detection and classification methods, applied in the field of network security, can solve the problems of high misjudgment rate and low detection rate, and achieve the effect of improving the unsatisfactory recognition effect

Inactive Publication Date: 2017-07-21
ZHEJIANG UNIV
View PDF3 Cites 26 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] Aiming at the above-mentioned defects of SVM application in intrusion detection, the present invention proposes a sample equalization preprocessing method based on kernel-space mixed sampling technology on the training sample set, and a learning method of support vector machine integration on the classification algorithm. The scheme can improve the shortcomings of the support vector machine detection model, such as low detection rate and high misjudgment rate of intrusion data, and is suitable for large-scale parallel computing

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Classification method applicable for intrusion detection
  • Classification method applicable for intrusion detection
  • Classification method applicable for intrusion detection

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0014] The implementation process of the present invention will be described in detail below in conjunction with the accompanying drawings, as figure 1 As shown, the workflow of the inventive method is mainly divided into 4 parts:

[0015] 1) Data preprocessing: Normalize the sample feature parameters for the intrusion detection standard data set KDD CUP99, realize the numerical conversion of all text attribute information, and normalize all feature attributes, and unify the measurement of attributes.

[0016] 2) For the unbalanced training data set, mix sampling in the kernel space to improve the category balance. The following is the generation process of the mixed sampling new sample set, such as figure 2 As shown in the description, it is divided into two parts:

[0017] Step 2.1: Perform SMOTE oversampling on the minority class samples in the kernel space.

[0018] Suppose the minority class sample set to be processed is: F={x 1 ,x 2 ,...x n},x i ∈R h , i=1,2,···,...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a classification method applicable for intrusion detection. The method is characterized in that according to the characteristics of the SVM classification algorithm that the sensitivity to unbalanced classes of data sets is high and classification is carried out in a kernel space, through a mixed sampling mode, in which oversampling based on kernel SMOTE is carried out on minority sample sets in training sample sets, and undersampling based on kernel fuzzy C-means clustering is carried out on majority sample sets in the training sample sets, a balancing preprocessing of the unbalanced training data sets is achieved; and training is then carried out newly obtained training sample sets through the Bagging ensemble learning method to obtain an SVM-based ensemble classifier. The method has the advantages that a model obtained through the training can effectively solve the defects of unsatisfactory intrusion data identification effects and a high misjudgment rate for normal data of the traditional SVM intrusion detection model, and the adopted Bagging ensemble algorithm is applicable for large-scale parallel computing.

Description

technical field [0001] The invention belongs to the technical field of network security, relates to a mixed sampling technology for equalized preprocessing of intrusion detection data and a support vector machine integrated learning method, and discloses a classification method suitable for intrusion detection. Background technique [0002] In the field of network security, intrusion detection, as an active defense technology, monitors user and system activities by collecting and analyzing system, user and network data packet information. In order to enable the detection system to automatically detect anomalies from the collected information, machine learning technology is introduced into the intrusion detection system. [0003] As an important research branch in the field of machine learning, support vector machine has been applied in the field of intrusion detection because of its perfect mathematical theory and good practical application effect. However, in the tradition...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06G06K9/62
CPCH04L63/1416H04L63/1466G06F18/2411
Inventor 沈海斌佘斌孙世春
Owner ZHEJIANG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap