[1] LI Run-jie, ZHANG Xiao-qing*, LIU Chang-hua. An Intrusion Detection Approach Incorporating SMOTE-Tomek Link with Integrated Modeling[J]. Computer Technology and Development, 2024, 34(07):100-107. [doi:10.20165/j.cnki.ISSN1673-629X.2024.0105]

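An Intrusion Detection Approach Incorporating SMOTE-Tomek Link with Integrated Modeling

Computer Technology and Development [ISSN:1006-6977/CN:61-1281/TN]

Volume: 34
Issue: 2024, No. 07
Pages: 100-107
Column: Cyberspace Security
Publication date: 2024-07-10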

Article Info

Title: An Intrusion Detection Approach Incorporating SMOTE-Tomek Link with Integrated Modeling
Article number: 1673-629X(2024)07-0100-08
Author(s): LI Run-jie, ZHANG Xiao-qing*, LIU Chang-hua
School of Mathematics and Computer Science, Wuhan Polytechnic University, Wuhan 430048, Hubei, China
Keywords: intrusion detection; sampling algorithms; feature selection; ensemble learning; cyber security
Classification number: TP309
DOI: 10.20165/j.cnki.ISSN1673-629X.2024.0105
Abstract:
With the rapid expansion of the global Internet and the growing complexity of network security threats, developing efficient and stable intrusion detection systems has become an important research task in network security. This paper focuses on two problems common to intrusion detection datasets: class imbalance, caused by the difference in the number of normal and abnormal network behavior samples, and high dimensionality, caused by too many redundant and invalid features. To address them, following the idea of ensemble learning, the SMOTE-Tomek Link combined sampling algorithm is fused with three homogeneous models to propose a weighted-voting ensemble model for imbalanced datasets. The SMOTE-Tomek Link combined sampling algorithm first preprocesses the imbalanced data, and the random forest permutation importance measure then selects effective features, reducing the model's detection error rate and computational overhead. Several machine learning models are compared with the proposed ensemble model in experiments. The results show that the ensemble model reaches an accuracy of 97.84%, 1 to 4 percentage points higher than a single model, with large improvements in accuracy, precision, recall and F1 score on attack classes with few samples, along with higher training efficiency and greater stability.


Last Update: 2024-07-10