A classification method suitable for intrusion detection
A technology of intrusion detection and classification methods, applied in the field of network security, can solve the problems of high misjudgment rate and low detection rate, and achieve the effect of improving the unsatisfactory recognition effect
Inactive Publication Date: 2018-12-14
ZHEJIANG UNIV
View PDF3 Cites 0 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
[0004] Aiming at the above-mentioned defects of SVM application in intrusion detection, the present invention proposes a sample equalization preprocessing method based on kernel-space mixed sampling technology on the training sample set, and a learning method of support vector machine integration on the classification algorithm. The scheme can improve the shortcomings of the support vector machine detection model, such as low detection rate and high misjudgment rate of intrusion data, and is suitable for large-scale parallel computing
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0014] The implementation process of the present invention will be described in detail below in conjunction with the accompanying drawings, as figure 1 As shown, the workflow of the inventive method is mainly divided into 4 parts:
[0015] 1) Data preprocessing: Normalize the sample feature parameters for the intrusion detection standard data set KDD CUP99, realize the numerical conversion of all text attribute information, and normalize all feature attributes, and unify the measurement of attributes.
[0016] 2) For the unbalanced training data set, mix sampling in the kernel space to improve the category balance. The following is the generation process of the mixed sampling new sample set, such as figure 2 As shown in the description, it is divided into two parts:
[0017] Step 2.1: Perform SMOTE oversampling on the minority class samples in the kernel space.
[0018] Suppose the minority class sample set to be processed is: F={x 1 ,x 2 ,...x n},x i ∈ R h , i=1,2,···...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The invention discloses a classification method suitable for intrusion detection. According to the characteristics that the SVM classification algorithm is sensitive to unbalanced data sets and classifies in the kernel space, the minority class sample set in the training sample set is based on the kernel SMOTE oversampling, and at the same time adopt a hybrid sampling method based on kernel-based fuzzy C-means clustering and undersampling for the majority class sample set to realize the balanced preprocessing of the unbalanced training data set, and then use Bagging on the newly obtained training sample set The ensemble learning method trains an ensemble classifier based on SVM. The model trained by this method can not only effectively improve the disadvantages of the traditional SVM intrusion detection model, such as the unsatisfactory identification effect of intrusion data and the high misjudgment rate of normal data, but also the Bagging integration algorithm adopted is suitable for large-scale parallel computing.
Description
technical field [0001] The invention belongs to the technical field of network security, relates to a mixed sampling technology for equalized preprocessing of intrusion detection data and a support vector machine integrated learning method, and discloses a classification method suitable for intrusion detection. Background technique [0002] In the field of network security, intrusion detection, as an active defense technology, monitors user and system activities by collecting and analyzing system, user and network data packet information. In order to enable the detection system to automatically detect anomalies from the collected information, machine learning technology is introduced into the intrusion detection system. [0003] As an important research branch in the field of machine learning, support vector machine has been applied in the field of intrusion detection because of its perfect mathematical theory and good practical application effect. However, in the tradition...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06G06K9/62
CPCH04L63/1416H04L63/1466G06F18/2411
Inventor 张石沈海斌佘斌孙世春
Owner ZHEJIANG UNIV