Computer Engineering, 2011, Vol. 37, Issue (13): 104-106. doi: 10.3969/j.issn.1000-3428.2011.13.033

• Security Technology •

Intrusion Detection Model Based on Distributed Integrated Learning

XIE Yu-xin a,b, LIU Yan-heng a,b, ZHU Jian-qi a,b, SUN Xin a,b, FU Feng a,b

  1. (a. College of Computer Science and Technology; b. Key Laboratory of Symbolic Computation and Knowledge Engineering of Ministry of Education, Jilin University, Changchun 130012, China)
  • Received: 2011-02-23 Online: 2011-07-05 Published: 2011-07-05
  • About the authors: XIE Yu-xin (1987-), male, master's student, main research direction: network security; LIU Yan-heng, professor and doctoral supervisor; ZHU Jian-qi, Ph.D.; SUN Xin, doctoral student; FU Feng, master's student
  • Supported by:
    National Natural Science Foundation of China (60973136); International Cooperation and Exchange Special Fund of the Ministry of Science and Technology of China (2008DFA12140)

Abstract: To address the high false negative and false positive rates of Intrusion Detection Systems (IDS), a hybrid intrusion detection model is proposed. The model constructs two feature extractors, one based on Kernel Principal Component Analysis (KPCA) and one based on Kernel Independent Component Analysis (KICA), and uses a novel ensemble approach to learn from the results the extractors produce. A distributed neural network then relearns the ensemble results, which allows large-scale data to be processed in a distributed way. A feedback mechanism adjusts the ensemble learning weights of KPCA and KICA to reach the optimal detection result. Experiments on the KDD CUP’99 data set show that the model achieves high detection accuracy together with low false negative and false positive rates.

Key words: intrusion detection, integration, Kernel Principal Component Analysis (KPCA), Kernel Independent Component Analysis (KICA), distributed neural network

CLC number: