作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2020, Vol. 46 ›› Issue (8): 146-152. doi: 10.19678/j.issn.1000-3428.0057085

• 网络空间安全 • 上一篇    下一篇

基于随机森林与人工免疫的入侵检测算法

张玲, 张建伟, 桑永宣, 王博, 侯泽翔   

  1. 郑州轻工业大学 软件学院, 郑州 450002
  • 收稿日期:2019-12-31 修回日期:2020-02-05 发布日期:2020-02-17
  • 作者简介:张玲(1979-),女,讲师、博士,主研方向为网络安全;张建伟、桑永宣、王博,博士;侯泽翔,本科生。
  • 基金资助:
    国家自然科学基金(61502436,61672471);郑州轻工业大学博士基金(2014BSJJ084)。

Intrusion Detection Algorithm Based on Random Forest and Artificial Immunity

ZHANG Ling, ZHANG Jianwei, SANG Yongxuan, WANG Bo, HOU Zexiang   

  1. Software Engineering College, Zhengzhou University of Light Industry, Zhengzhou 450002, China
  • Received:2019-12-31 Revised:2020-02-05 Published:2020-02-17

摘要: 传统入侵检测方法对Probe、U2R、R2L等网络入侵攻击类型的检测率较低,存在对入侵行为的误检和漏检。为此,提出一种基于随机森林与人工免疫的入侵检测算法。设计随机抗体森林检测策略,针对小样本数据集,采用克隆选择算法保证抗体的优良性,提高攻击的检测率,通过将识别为入侵行为的抗原注入抗体集,以平衡抗原的检测率和误报率。仿真结果表明,该算法的检测率为94.1%,高于Probe的93.79%、U2R的91%与R2L的85%,且具有较低的误报率。

关键词: 入侵检测, 随机森林, 人工免疫, 克隆选择算法, 随机抗体森林

Abstract: Traditional intrusion detection methods have low detection rates for Probe,U2R,R2L and other types of network intrusion attacks,leading to misdetection and missed detection of intrusion behavior.Therefore,this paper proposes an intrusion detection algorithm based on Random Forest(RF) and artificial immunity.A Random Antibody(RF) forest detection strategy is designed,and a Clone Selection Algorithm(CSA) for small sample datasets is adopted to ensure the superiority of antibodies and improve the detection rate of attacks.Then the antigen recognized as intrusive behavior is injected into the antibody set to balance the detection rate and false alarm rate of the antigen.Simulation results show that the detection rate of the proposed algorithm is 94.1%,which is higher than that of Probe (93.79%),U2R (91%) and R2L (85%).The proposed algorithm also has a low false alarm rate.

Key words: intrusion detection, Random Forest(RF), artificial immuneity, Clone Selection Algorithm(CSA), random antibody forest

中图分类号: