Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Intrusion detection method based on active learning

A technology of active learning and intrusion detection, applied to instruments, character and pattern recognition, computer components, etc., can solve problems such as poor attack detection effect and poor detection effect of small samples

Pending Publication Date: 2021-09-10
GUIZHOU POWER GRID CO LTD
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] On the one hand, various algorithms have their own advantages and disadvantages. For example, some algorithms may work well for a certain type of attack, but poorly detect other types of attacks; on the other hand, many studies focus on improving the overall detection accuracy , but the detection effect on small samples (attack samples) is not good

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Intrusion detection method based on active learning
  • Intrusion detection method based on active learning
  • Intrusion detection method based on active learning

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0045] refer to Figure 1 ~ Figure 3 , which is the first embodiment of the present invention, provides an active learning-based intrusion detection method, specifically including:

[0046] S1: Use system logs to collect historical data and perform preprocessing to obtain a label sample data set.

[0047] S2: Build a detection and classification model based on the active learning strategy, and combine the semi-supervised transductive support vector machine to train the detection and classification model to form a detection multi-classifier.

[0048] S3: Use the K-Means clustering algorithm for cluster analysis, and combine the trained detection and classification models to output the detection results.

[0049] Preprocessing includes: normalization processing.

[0050] Active learning strategies include: membership query, flow-based selective sampling, and pool-based selective sampling.

[0051] refer to figure 2 , the membership query includes that the generated query is...

Embodiment 2

[0089] This embodiment is different from the first embodiment in that it provides an active learning-based intrusion detection method to solve the detailed verification of labeled samples and iterative training, including:

[0090] (1) Select the required labeled samples.

[0091]For example: the labeling of paired samples in TSVM, this method has the advantage of high labeling accuracy, but the labeling speed is very low; the region-based labeling method can label multiple samples at a time, this method has fast labeling speed, but the labeling accuracy is not good It can be guaranteed; this embodiment proposes a method based on multi-classifier voting decision labeling, and selects m samples belonging to more than half of the classifiers in the boundary area at the same time (that is, the minority obeys the majority) for labeling. If the m samples satisfy the maximum classification super plane, it is labeled as a positive class; if m samples satisfy the minimum classificatio...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an intrusion detection method based on active learning. The method comprises the steps of: collecting historical data through a system log, and carrying out preprocessing to obtain a label sample data set; constructing a detection classification model based on an active learning strategy, and training the detection classification model in combination with a semi-supervised direct push type support vector machine to form a detection multi-classifier; and performing clustering analysis by using a K-Means clustering algorithm, and outputting a detection result in combination with the trained detection classification model. The algorithm provided by the invention not only depends on the classification result of a single classifier to determine the labeled samples, but also depends on the voting results of classifiers to determine labeled samples by training a plurality of classifiers, so that the labeling accuracy can be well improved.

Description

technical field [0001] The invention relates to the technical field of classification detection, in particular to an intrusion detection method based on active learning. Background technique [0002] Transductive Support Vector Machine (TSVM) is a maximum-margin classification method based on low-density segmentation assumptions. Very similar to the traditional support vector machine, it looks for the classification hyperplane with the largest margin as the optimal classification hyperplane, and considers both unlabeled and labeled data to train the classification model. [0003] The traditional machine learning method is to train and learn on a given set of labeled samples, and induce a learning model, which is called "inductive learning". However, in practical applications, the labeled samples are very limited, and it is very time-consuming, labor-intensive, and boring to label a large number of unlabeled samples. In order to reduce the labeling cost as much as possible a...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06K9/62
CPCG06F18/23213G06F18/2411G06F18/214
Inventor 徐润陈林森胡兵轩杨涵陈挺杨隽奎郑智浩周仲波邓德茂覃禹铭王龙海余云昊李勇江再能董双金基伟任庭昊代启灿李瑶王开波唐剑
Owner GUIZHOU POWER GRID CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com