摘要: 针对现有的网络入侵检测算法对少数类攻击的检测存在高误报率和漏报率的问题,在对稀有类分类技术研究的基础上,将集成学习应用到入侵检测中。采用基于负载均衡策略的入侵检测模型,把网络数据包按协议类型进行分流,对每个子集用AdaBoost算法提升C4.5弱分类器的方法进行分类,在KDD’99数据集上进行仿真实验,结果表明该方法可有效提高系统的检测率。
关键词:
网络入侵检测,
稀有类,
集成学习,
C4.5算法,
AdaBoost算法
Abstract: There is a very high false positive rate and false negative rate to rare events in the existing network intrusion detection system. Based on the research of technology to classify rare classes, an approach based on ensemble learning is proposed. Taking the model of load balancing intrusion detection, it splits the packets into small according to the type of protocols, and applies AdaBoost algorithm by using C4.5 weak learner to each dataset. Experimental results over the KDD’99 datasets show that the proposed approach can improve detection performance for rare classes.
Key words:
network intrusion detection,
rare classes,
ensemble learning,
C4.5 algorithm,
AdaBoost algorithm
中图分类号:
赵月爱;陈俊杰;穆晓芳. 集成学习在网络入侵检测中的实验研究[J]. 计算机工程, 2009, 35(23): 124-126.
ZHAO Yue-ai; CHEN Jun-jie; MU Xiao-fang. Exprimental Research on Ensemble Learning in Network Intrusion Detection[J]. Computer Engineering, 2009, 35(23): 124-126.