Lightweight distributed intrusion detection method

A distributed intrusion detection technique, applied in the field of information security, that addresses problems such as the burden on the IDS service provider, system paralysis, and declining IDS model accuracy, and achieves fast prediction, less feature engineering, and a low false positive rate.

Active Publication Date: 2021-11-23
UNIV OF ELECTRONICS SCI & TECH OF CHINA

AI Technical Summary

Problems solved by technology

[0008] (2) Accuracy: Compared with traditional centralized learning, the accuracy of the IDS model may drop significantly in distributed scenarios. A large number of errors will burden the IDS service provider and may even paralyze its system.



Examples


Embodiment Construction

[0026] As shown in Figure 2, in the method of the present invention, each client trains on its own private data set to obtain a local LGBM; the server then integrates the prediction results of each client's LGBM to obtain an intrusion detection result.
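The flow in [0026], sketched end to end as an added example (not code from the patent): each client fits a model on its own data, only predictions reach the server, and the server votes. Assumptions: a one-feature threshold stump stands in for the client's LGBM, the vote is a simple majority with ties resolved to the attack label, and the client names, feature values and labels are constructed.

```python
from collections import Counter

BENIGN, ATTACK = 0, 1

def train_local(rows):
    """Stand-in for a client's LGBM: a one-feature threshold stump
    fitted only on that client's private (value, label) rows."""
    xs = sorted({x for x, _ in rows})
    cuts = [(a + b) / 2 for a, b in zip(xs, xs[1:])]
    def errors(cut):
        return sum((x > cut) != bool(y) for x, y in rows)
    return min(cuts, key=errors)  # lowest cut wins on equal error count

def predict_local(cut, flows):
    """Client-side prediction; only these labels are sent to the server."""
    return [ATTACK if x > cut else BENIGN for x in flows]

def server_vote(per_client, tie_label=ATTACK):
    """Majority vote per test flow. Returns (label, agreement) pairs;
    an exact tie resolves to tie_label (assumption, not from the patent)."""
    results = []
    for votes in zip(*per_client.values()):
        ranked = Counter(votes).most_common()
        top, n = ranked[0]
        if len(ranked) > 1 and ranked[1][1] == n:
            top = tie_label
        results.append((top, n / len(votes)))
    return results

# Constructed, label-skewed (non-IID) private data: (packets/s, label)
CLIENT_DATA = {
    "A": [(10, 0), (12, 0), (15, 0), (40, 1)],   # mostly benign
    "B": [(14, 0), (35, 1), (42, 1), (50, 1)],   # mostly attack
    "C": [(11, 0), (18, 0), (30, 1), (45, 1)],   # balanced
}
TEST_FLOWS = [13, 26, 29, 48]

def run():
    models = {c: train_local(rows) for c, rows in CLIENT_DATA.items()}
    preds = {c: predict_local(m, TEST_FLOWS) for c, m in models.items()}
    return models, server_vote(preds)

if __name__ == "__main__":
    models, verdicts = run()
    print("local cuts:", models)
    for flow, (label, agree) in zip(TEST_FLOWS, verdicts):
        print(flow, "ATTACK" if label else "benign", f"agreement={agree:.2f}")
```

The agreement value flags flows on which the clients' skewed training data led to split votes, which are the natural candidates for analyst review.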

[0027] 1) Client training process

[0028] CoLGBM uses LightGBM (LGBM), a variant of the gradient boosted decision tree (GBDT). LGBM introduces two techniques, gradient-based one-side sampling (GOSS) and exclusive feature bundling (EFB), which are used to handle a large number of data instances and a large number of features, respectively. We denote the total amount of data as $T_0$, the total amount of non-zero data as $T_1$, the total number of features as $S_0$, and the characteristic number as $S_1$. Since scanning all data instances to estimate the information gain of all split points takes a lot of time, we use the GOSS and EFB algorithms to reduce the complexity of histogram construction f...


Abstract

The invention proposes a lightweight distributed intrusion detection method comprising the following steps: preparing local data for each client, the local data being non-independent and identically distributed (non-IID) traffic data with the corresponding intrusion detection classification labels; in the training stage, having each client use its local data to train a local lightweight gradient boosting machine (LGBM); in the prediction stage, inputting test data to each trained LGBM and obtaining the intrusion detection prediction result output by each LGBM; and, after the server collects the prediction results output by each LGBM, obtaining the final intrusion detection result for the test data by voting. The invention introduces a lightweight gradient boosting algorithm on top of the traditional decision tree method and, by combining the decision trees trained by the users, can effectively process a large number of samples on non-IID data. Compared with existing methods based on federated learning, the framework achieves higher accuracy and lower overhead on both independent and identically distributed data and non-IID data.

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to distributed intrusion detection technology.

[0002] Technical background

[0003] As shown in Figure 1, a typical client-server system is composed of a central server (cloud server) and n clients (device group 1, device group 2, ..., device group n). In the malicious scenario (Abnormal), the bot master host may send malicious commands to client device group i (i = 1, 2, ..., n) through the controller (control server), thereby damaging the client or even the cloud server. An intrusion detection system (IDS) is the key to detecting malicious intrusions and protecting systems from malware attacks. The main idea of an IDS is to detect malicious traffic (abnormal traffic) through real-time monitoring in the cloud, so as to trigger attack warnings and traffic interception.

[0004] Deep learning (DL) has achieved great success in building IDS. However, centralize...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06K9/62
CPC: G06F21/56, G06F18/24323
Inventor: 李洪伟, 袁帅, 张瑞, 郝猛, 李毅然
Owner: UNIV OF ELECTRONICS SCI & TECH OF CHINA