
Intrusion detection method and intrusion detection system based on sustainable ensemble learning

An ensemble learning and intrusion detection technology, applied in transmission systems, machine learning, instruments, etc., that addresses the sensitivity, denial of service, and weak adaptability problems of schemes that do not consider how individual learners respond to different attack types.

Active Publication Date: 2018-05-11
XIDIAN UNIV

AI Technical Summary

Problems solved by technology

To detect abnormal behavior under large-scale data traffic, machine-learning-based intrusion detection systems have become a focus. Machine learning is used to extract features from large amounts of data, and a classification model is built on a labeled data set to classify network traffic or host behavior and detect intrusions in the system. Such systems can detect not only known attacks but also new or unknown ones, but high false positive and false negative rates lead to low detection accuracy or denial of service.
To reduce the false alarm rate and false negative rate in machine-learning-based anomaly detection systems, the detection model is often built by fusing multiple machine learning models, and the final decision is obtained by voting or weighted voting over their results, which improves the overall detection accuracy of the system. The following problems remain: 1) The sensitivity of individual learners to attack types is not considered, so the detection model adapts poorly. A complex network environment contains many types of attacks that change over time, and detection algorithms are sensitive to attack type: different algorithms achieve different detection accuracy on different attack types. When the final result is obtained by voting or weighted voting over the decisions of one or several ensemble learning algorithms, this sensitivity is not considered, the weights assigned to the detection models are fixed, adaptability is weak, and the accuracy of the detection model is likely to be low.
2) The model update process lacks stability and sustainability. In a dynamically changing network environment, the detection model must be updated continuously to keep it accurate. Existing approaches are not suited to an ensemble learning setting and do not consider the knowledge available during the update of the detection model: they only propose completely retraining a new detection model on new data over time, without considering the accumulation and transfer of knowledge between the historical model and the new model, so the updated model lacks stability and continuity.
The prior art includes a probabilistic framework for classifier combination that studies four ensemble combination schemes (majority voting, weighted majority voting, recall combination and naive Bayes combination) under assumptions of class-conditional independence and individual accuracy. It points out the advantages and disadvantages of the combination schemes and balances the stability and plasticity of the combination methods by inducing label noise, indicating that there is no clear optimal combination scheme.
Most existing ensemble learning schemes use voting or weighted voting to fuse the detection results of multiple individual learners and produce the final decision. Such schemes do not consider the differences between individual learners or their sensitivity to attack types; the weights assigned to the classifiers are fixed, so the fusion lacks adaptability, which reduces detection accuracy.
[0003] To sum up, the problems with the existing technology are: existing ensemble learning methods do not consider the differences between individual learners or their sensitivity to attack types, and the weights assigned to classifiers are fixed, so model fusion lacks adaptability and detection accuracy is reduced.
None of the existing ensemble-learning-based schemes considers the association of knowledge during the update of the detection model. They only propose completely retraining a new detection model on new data over time, without considering the accumulation and transfer of knowledge between the historical model and the new model, so the updated model lacks stability and continuity.

Embodiment Construction

[0060] In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention will be further described in detail below with reference to the embodiments. It should be understood that the specific embodiments described herein are only used to explain the present invention, but not to limit the present invention.

[0061] The invention ensures that each individual learner can fully exert its adaptability. At the same time, in the detection model update stage, the historical model is added to the training and detection process of the new model, which completes the transfer of knowledge during the update so that the learning process becomes sustainable and further improves the stability and accuracy of the model.

[0062] The application principle of the present invention will be described in detail below with reference to the accompanying drawings.

[0063] As shown in Figure 1, the intrusion detection metho...


Abstract

The invention, which belongs to the technical field of network intrusion detection, discloses an intrusion detection method and intrusion detection system based on sustainable ensemble learning. A multi-class regression model is constructed by using the product of an individual learner's class probability output and classification confidence as training data, so that the decision-making process of the ensemble learning has high adaptability to the attack type to improve the detection accuracy. At the model updating stage, parameters and decision results of historical models are added into the training process of a new model, thereby completing incremental learning of the model. According to the invention, on the basis of the ensemble learning fusion plan of the multi-regression model, the decision-making weights of the individual learner during the detection processes for different attack types are allocated in a fine-grained manner; and the parameters and results of the historical models are used for training the new model, so that the stability of the model is improved and the sustainability of the learning process is ensured. Besides, the experimental results are compared with the existing MV and WMV plans, verifying the accuracy, stability and sustainability of the intrusion detection method and intrusion detection system.
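The fusion step described in the abstract, next to majority voting, as an added example that is not code from the patent. It covers only the fusion step, not the incremental update. Assumptions: a learner's confidence is its top class probability, the "multi-class regression model" is a softmax regression fitted by gradient descent, and all learner outputs are constructed.

```python
import math

CLASSES = ["normal", "dos", "probe"]

def features(outputs):
    # Each learner's class probabilities scaled by its confidence, concatenated.
    # Assumption: confidence = the learner's highest class probability.
    return [p * max(probs) for probs in outputs for p in probs] + [1.0]  # bias

def scores(W, x):
    return [sum(w * v for w, v in zip(row, x)) for row in W]

def softmax(z):
    e = [math.exp(v - max(z)) for v in z]
    return [v / sum(e) for v in e]

def train_fusion(samples, labels, epochs=2000, lr=0.5):
    # Multinomial logistic regression: one weight per (attack class, learner output).
    X = [features(s) for s in samples]
    W = [[0.0] * len(X[0]) for _ in CLASSES]
    for _ in range(epochs):
        grad = [[0.0] * len(X[0]) for _ in CLASSES]
        for x, y in zip(X, labels):
            p = softmax(scores(W, x))
            for k in range(len(CLASSES)):
                err = p[k] - (k == y)
                for j, v in enumerate(x):
                    grad[k][j] += err * v / len(X)
        W = [[w - lr * g for w, g in zip(wr, gr)] for wr, gr in zip(W, grad)]
    return W

def fuse(W, outputs):
    s = scores(W, features(outputs))
    return CLASSES[s.index(max(s))]

def majority_vote(outputs):
    votes = [p.index(max(p)) for p in outputs]
    return CLASSES[max(range(len(CLASSES)), key=votes.count)]

# Constructed outputs of three learners [A, B, C] over (normal, dos, probe).
# A and B mistake probes for normal traffic; C misses DoS but catches probes.
TRAIN = [
    ([[.8, .1, .1], [.7, .2, .1], [.6, .2, .2]], 0),
    ([[.1, .8, .1], [.2, .7, .1], [.5, .3, .2]], 1),
    ([[.6, .1, .3], [.5, .2, .3], [.1, .1, .8]], 2),
]
W = train_fusion([s for s, _ in TRAIN], [y for _, y in TRAIN])
# Constructed held-out probe sample: two of three learners still vote "normal".
UNSEEN_PROBE = [[.55, .15, .30], [.5, .2, .3], [.1, .05, .85]]
print(majority_vote(UNSEEN_PROBE), fuse(W, UNSEEN_PROBE))
```

Majority voting follows the two learners that are blind to probes, while the learned per-class weights let the one learner that is sensitive to probes decide that class.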

Description

Technical field

[0001] The invention belongs to the technical field of network intrusion detection, and in particular relates to an intrusion detection method and an intrusion detection system based on sustainable ensemble learning.

Background technique

[0002] With the rapid development of network-based computing services and applications, the Internet is subject to more and more security threats, and the intrusion detection system (IDS) is particularly important as a part of the defense-in-depth system of network security. An intrusion detection system discovers and identifies intrusions in a system by detecting and analyzing network traffic or host behavior. To detect abnormal behavior under large-scale data traffic, machine-learning-based intrusion detection systems have become a focus. Machine learning technology is used to extract features from a large amount of data, and a classification model is established for the...


Application Information

IPC(8): H04L29/06, G06N99/00
CPC: G06N20/00, H04L63/1416, H04L63/1441
Inventor: 李兴华, 钟成, 许勐璠, 刘海, 张会林, 马建峰
Owner: XIDIAN UNIV