作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2009, Vol. 35 ›› Issue (23): 124-126. doi: 10.3969/j.issn.1000-3428.2009.23.043

• 安全技术 • 上一篇    下一篇

集成学习在网络入侵检测中的实验研究

赵月爱1,2,陈俊杰1,穆晓芳2   

  1. (1. 太原理工大学计算机与软件学院,太原 030001;2. 太原师范学院计算机系,太原 030012)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2009-12-05 发布日期:2009-12-05

Exprimental Research on Ensemble Learning in Network Intrusion Detection

ZHAO Yue-ai1,2, CHEN Jun-jie1, MU Xiao-fang2   

  1. (1. College of Computer and Software, Taiyuan University of Science and Technology, Taiyuan 030001; 2. Department of Computer, Taiyuan Teachers College, Taiyuan 030012)
  • Received:1900-01-01 Revised:1900-01-01 Online:2009-12-05 Published:2009-12-05

摘要: 针对现有的网络入侵检测算法对少数类攻击的检测存在高误报率和漏报率的问题,在对稀有类分类技术研究的基础上,将集成学习应用到入侵检测中。采用基于负载均衡策略的入侵检测模型,把网络数据包按协议类型进行分流,对每个子集用AdaBoost算法提升C4.5弱分类器的方法进行分类,在KDD’99数据集上进行仿真实验,结果表明该方法可有效提高系统的检测率。

关键词: 网络入侵检测, 稀有类, 集成学习, C4.5算法, AdaBoost算法

Abstract: There is a very high false positive rate and false negative rate to rare events in the existing network intrusion detection system. Based on the research of technology to classify rare classes, an approach based on ensemble learning is proposed. Taking the model of load balancing intrusion detection, it splits the packets into small according to the type of protocols, and applies AdaBoost algorithm by using C4.5 weak learner to each dataset. Experimental results over the KDD’99 datasets show that the proposed approach can improve detection performance for rare classes.

Key words: network intrusion detection, rare classes, ensemble learning, C4.5 algorithm, AdaBoost algorithm

中图分类号: