基于增量学习的SVM-KNN网络入侵检测方法

doi:10.19678/j.issn.1000-3428.0054701

计算机工程 ›› 2020, Vol. 46 ›› Issue (4): 115-122. doi: 10.19678/j.issn.1000-3428.0054701

基于增量学习的SVM-KNN网络入侵检测方法

付子爔, 徐洋, 吴招娣, 许丹丹, 谢晓尧

贵州师范大学贵州省信息与计算科学重点实验室, 贵阳 550001

收稿日期:2019-04-23 修回日期:2019-06-20 出版日期:2020-04-15 发布日期:2019-05-31
作者简介:付子爔(1993-),男,硕士研究生,主研方向为网络空间安全、机器学习;徐洋(通信作者),教授、博士;吴招娣、许丹丹,硕士研究生;谢晓尧,教授、博士。
基金资助:
中央引导地方科技发展专项（黔科中引地〔2018〕4008）；贵州师范大学创新创业教育研究基金项目（SCJJ1805）；贵州师范大学研究生创新基金（YC[2018]030）。

SVM-KNN Network Intrusion Detection Method Based on Incremental Learning

FU Zixi, XU Yang, WU Zhaodi, XU Dandan, XIE Xiaoyao

Key Laboratory of Information and Computing Science of Guizhou Province, Guizhou Normal University, Guiyang 550001, China

Received:2019-04-23 Revised:2019-06-20 Online:2020-04-15 Published:2019-05-31

摘要/Abstract

摘要： 为满足入侵检测的实时性和准确性要求，通过结合支持向量机（SVM）和K最近邻（KNN）算法设计IL-SVM-KNN分类器，并采用平衡k维树作为数据结构提升执行速度。训练阶段应用增量学习思想并考虑知识库的扩展，分类阶段则利用SVM和KNN算法将待分类数据分成3种情况应用不同的分类策略。基于KDD CUP99和NSL-KDD数据集进行实验，结果表明，IL-SVM-KNN能够区分正常流量和异常流量并准确判断异常流量的攻击类型，其准确率较KNN算法和SVM算法有明显提升，判断攻击类型的准确性高于决策树、随机森林和XGBoost算法，并且较两层卷积神经网络消耗时间更少，资源消耗更低。

关键词: 支持向量机, K最近邻算法, k维树, 入侵检测, 增量学习, 卷积神经网络

Abstract: In order to meet the requirements of intrusion detectionfor real-time performance and accuracy,this paper designs an IL-SVM-KNN classifier that combines Support Vector Machine(SVM) and K-Nearest Neighbor(KNN) algorithm,and the balanced k-dimensional tree is used for data structure to improve the execution speed.In the training phase,the idea of incremental learning is applied and the expansion of the knowledge base is considered.In the classification phase,the SVM algorithm and KNN algorithm are used to divide the to-be-classified data into three cases,each case with a unique classification strategy.Experimental results on KDD CUP99 and NSL-KDD datasets show that the IL-SVM-KNN classifier can distinguish abnormal traffic from normal traffic,and determine the type of abnormal traffic attacks.The accuracy of the proposed classifier is significantly improved compared with the KNN algorithm and SVM algorithm.It also outperforms the decision tree,random forests and XGBoost algorithm in terms of the accuracy of determining the attack type while reducing the elapsed time and resource consumption compared with two-layer convolution neural network.

Key words: Support Vector Machine(SVM), K-Nearest Neighbor(KNN) algorithm, k-dimensional tree, intrusion detection, incremental learning, Convolutional Neural Network(CNN)

中图分类号:

TP309

付子爔, 徐洋, 吴招娣, 许丹丹, 谢晓尧. 基于增量学习的SVM-KNN网络入侵检测方法[J]. 计算机工程, 2020, 46(4): 115-122.

FU Zixi, XU Yang, WU Zhaodi, XU Dandan, XIE Xiaoyao. SVM-KNN Network Intrusion Detection Method Based on Incremental Learning[J]. Computer Engineering, 2020, 46(4): 115-122.

http://www.ecice06.com/CN/Y2020/V46/I4/115

图/表 15

20200414124455

20200414124459

20200414124502

20200414124505

20200414124509

20200414124514

20200414124518

20200414124521

20200414124525

20200414124529

20200414124533

20200414124537

20200414124541

20200414124546

20200414124551

参考文献 22

[1]	DENNING D E.An intrusion-detection model[J].IEEE Transactions on Software Engineering,1987,13(2):222-232.
[2]	XIE Juanying,GAO Hongchao.Statistical correlation and K-means based distinguishable gene subset selection algorithms[J].Journal of Software,2014,25(9):2050-2075.(in Chinese)谢娟英,高红超.基于统计相关性与K-means的区分基因子集选择算法[J].软件学报,2014,25(9):2050-2075.
[3]	XIE Juanying,XIE Weixin.Several feature selection algorithms based on the discernibility of a feature subset and support vector machines[J].Chinese Journal of Computers,2014,37(8):1704-1718.(in Chinese)谢娟英,谢维信.基于特征子集区分度与支持向量机的特征选择算法[J].计算机学报,2014,37(8):1704-1718.
[4]	ZHANG Sicong,XIE Xiaoyao,XU Yang.Intrusion detection method based on a deep convolutional neural network[J].Journal of Tsinghua University(Science and Technology),2019,59(1):44-52.(in Chinese)张思聪,谢晓尧,徐洋.基于dCNN的入侵检测方法[J].清华大学学报(自然科学版),2019,59(1):44-52.
[5]	GU B,SHENG V S,TAY K Y,et al.Incremental support vector learning for ordinal regression[J].IEEE Transactions on Neural Networks and Learning Systems,2014,26(7):1403-1416.
[6]	LI Xiangna,AI Qing,QIN Yuping,et al.Summary of SVM incermental learning algorithm[J].Journal of Bohai University(Natural Science Edition),2007,28(2):187-189.(in Chinese)李祥纳,艾青,秦玉平,等.支持向量机增量学习算法综述[J].渤海大学学报(自然科学版),2007,28(2):187-189.
[7]	WU Xiaonian,PENG Xiaojin,YANG Yuyang,et al.Two-level feature selection method based on SVM for intrusion detection[J].Journal on Communications,2015,36(4):23-30.(in Chinese)武小年,彭小金,杨宇洋,等.入侵检测中基于SVM的两级特征选择方法[J].通信学报,2015,36(4):23-30.
[8]	GARCIA S,DERRAC J,CANO J R,et al.Prototype selection for nearest neighbor classification:taxonomy and empirical study[J].IEEE Transactions on Pattern Analysis and Machine Intelligence,2011,34(3):417-435.
[9]	LI Yinhui,XIA Jingbo,ZHANG Silan,et al.An efficient intrusion detection system based on support vector machines and gradually feature removal method[J].Expert Systems with Applications,2012,39(1):424-430.
[10]	BROWN R A.Building a balanced kd tree in O(kn log n) time[EB/OL].[2019-01-02].https://arxiv.org/pdf/1410.5420.pdf.
[11]	WANG Hao,HUA Jixue,FAN Xiaoshi.Intrusion detection technology based on twin support vector machine[J].Journal of Shandong University(Engineering Science),2013,43(6):53-56,64.(in Chinese)王昊,华继学,范晓诗.基于双联支持向量机的入侵检测技术[J].山东大学学报(工学版),2013,43(6):53-56,64.
[12]	CHITRAKAR R,HUANG C.Selection of candidate support vectors in incremental SVM for network intrusion detection[J].Computers & Security,2014,45:231-241.
[13]	ZHANG Xiuzhen,LI Yuxuan,KOTAGIRI R,et al.KRNN:k rare-class nearest neighbour classification[J].Pattern Recognition,2017,62:33-44.
[14]	CAO Jing.Research and application of three decision KNN algorithm based on incremental learning[D].Xi'an:Xi'an University of Technology,2018.(in Chinese)曹婧.基于增量学习的三支决策KNN算法的研究与应用[D].西安:西安理工大学,2018.
[15]	CHE Huimin,DING Bo,WANG Huaimin,et al.IKNN-SVM:a hybrid incremental algorithm for image classification[C]//Proceedings of the 2nd International Conference on Artificial Intelligence and Industrial Engineering.[S.l.]:Atlantis Press,2016:1-5.
[16]	SU Mingyang.Using clustering to improve the KNN-based classifiers for online anomaly network traffic identification[J].Journal of Network and Computer Applications,2011,34(2):722-730.
[17]	TAVALLAEE M,BAGHERI E,LU W,et al.A detailed analysis of the KDD CUP99 data set[C]//Proceedings of 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications.Washington D.C.,USA:IEEE Press,2009:1-6.
[18]	BOLON-CANEDO V,SANCHEZ-MARONO N,ALONSO-BETANZOS A.Feature selection and classification in multiple class datasets:an application to KDD CUP99 dataset[J].Expert Systems with Applications,2011,38(5):5947-5957.
[19]	SIDDIQUI M K,NAAHID S.Analysis of KDD CUP99 dataset using clustering based data mining[J].International Journal of Database Theory and Application,2013,6(5):23-34.
[20]	KRIZHEVSKY A,SUTSKEVER I,HINTON G E.Imagenet classification with deep convolutional neural networks[C]//Proceedings of the 25th International Conference on Neural Information Processing Systems.New York,USA:ACM Press,2012:1097-1105.
[21]	YIN Yabo,YANG Wenzhong,YANG Huiting,et al.Research on short text classification algorithm based on convolutional neural network and KNN[J].Computer Engineering,2018,44(7):193-198.(in Chinese)殷亚博,杨文忠,杨慧婷,等.基于卷积神经网络和KNN的短文本分类算法研究[J].计算机工程,2018,44(7):193-198.
[22]	LIU Yuefeng,CAI Shuang,YANG Hanxi,et al.Network intrusion detection method integrating CNN and BiLSTM[J].Computer Engineering,2019,45(12):127-133.(in Chinese)刘月峰,蔡爽,杨涵晰,等.融合CNN与BiLSTM的网络入侵检测方法[J].计算机工程,2019,45(12):127-133.

选择文件类型/文献管理软件名称

选择包含的内容

基于增量学习的SVM-KNN网络入侵检测方法

SVM-KNN Network Intrusion Detection Method Based on Incremental Learning

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 15

参考文献 22

相关文章 15

编辑推荐

Metrics

本文评价

[1]	曹坪, 杨怀志, 薄一军, 尤嘉, 张淳杰, 李丹勇. 面向低质量裂缝图像的多知识蒸馏分类[J]. 计算机工程, 2023, 49(7): 204-213.
[2]	白明昌. 基于折叠路径聚合的属性网络节点嵌入方法[J]. 计算机工程, 2023, 49(7): 76-84.
[3]	陈仲磊, 伊鹏, 陈祥, 胡涛. 基于集成学习的系统调用实时异常检测框架[J]. 计算机工程, 2023, 49(6): 162-169,179.
[4]	代祖华, 刘园园, 狄世龙. 语义增强的图神经网络方面级文本情感分析[J]. 计算机工程, 2023, 49(6): 71-80.
[5]	沈学利, 田桂源, 姜彦吉, 马琳琳. 基于双阶段Conv-Transformer的时频域语音增强算法[J]. 计算机工程, 2023, 49(6): 123-130.
[6]	丁子轩, 俞雷, 张娟, 李想, 王新宇. 基于深度残差自适应注意力网络的图像超分辨率重建[J]. 计算机工程, 2023, 49(5): 231-238.
[7]	陈治旭, 靳雁霞, 芦烨, 杨晶, 刘亚变, 史志儒. 基于子图卷积神经网络的多精度服装建模方法[J]. 计算机工程, 2023, 49(4): 174-181.
[8]	衡红军, 苗菁. 语义与句法信息加强的二元标记实体关系联合抽取[J]. 计算机工程, 2023, 49(4): 77-84.
[9]	张雷, 鲍蓉, 朱永红, 史新国. 基于CSA-ResNet的人员入侵检测方法[J]. 计算机工程, 2023, 49(4): 297-302,311.
[10]	钟宝荣, 吴夏灵. 基于高分辨率网络的轻量型人体姿态估计研究[J]. 计算机工程, 2023, 49(4): 226-232,239.
[11]	徐康, 李霏, 姬东鸿. 结合依存图卷积与文本片段搜索的方面情感三元组抽取[J]. 计算机工程, 2023, 49(4): 61-67.
[12]	杨晶晶, 谢海燕, 薛妮妮, 张傲明. 基于双通道残差网络的水下图像去噪研究[J]. 计算机工程, 2023, 49(4): 188-198.
[13]	石磊, 张吉涛, 高宇飞, 卫琳, 陶永才. 基于Transformer与BiLSTM的网络流量入侵检测[J]. 计算机工程, 2023, 49(3): 29-36,57.
[14]	刘晶晶, 黄浩. 引入非局部模块卷积神经网络的基频提取模型[J]. 计算机工程, 2023, 49(3): 128-133,160.
[15]	邹长龙, 安敬民, 李冠宇. 基于邻域聚合与CNN的知识图谱实体类型补全[J]. 计算机工程, 2023, 49(3): 134-141.

模态框（Modal）标题

选择文件类型/文献管理软件名称

选择包含的内容

基于增量学习的SVM-KNN网络入侵检测方法

SVM-KNN Network Intrusion Detection Method Based on Incremental Learning

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 15

参考文献 22

相关文章 15

编辑推荐

Metrics

本文评价