作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2022, Vol. 48 ›› Issue (6): 146-153. doi: 10.19678/j.issn.1000-3428.0061509

• 网络空间安全 • 上一篇    下一篇

基于GSA与DE优化混合核ELM的网络异常检测模型

生龙1,2, 袁丽娜1,2, 武南南3, 姬少培4   

  1. 1. 河北工程大学 信息与电气工程学院, 河北邯郸 056038;
    2. 河北工程大学 河北省安防信息感知与处理重点实验室, 河北 邯郸 056038;
    3. 天津大学 智能与计算学部, 天津 300072;
    4. 中国电子科技集团公司第三十研究所, 成都 610041
  • 收稿日期:2021-04-29 修回日期:2021-07-09 发布日期:2021-07-27
  • 作者简介:生龙(1982—),男,副教授、博士,主研方向为人工神经网络、图像处理、机器学习、数据挖掘;袁丽娜,硕士;武南南,讲师、博士;姬少培,工程师、硕士。
  • 基金资助:
    国家重点研发计划(2018YFF0301004);四川省重大科技项目(2017GZDZX0002)。

Network Anomaly Detection Model Based on GSA and DE Optimizing Hybrid Kernel ELM

SHENG Long1,2, YUAN Lina1,2, WU Nannan3, JI Shaopei4   

  1. 1. College of Information and Electronic Engineering, Hebei University of Engineering, Handan, Hebei 056038, China;
    2. Hebei Key Laboratory of Security & Protection Information Sensing and Processing, Hebei University of Engineering, Handan, Hebei 056038, China;
    3. College of Intelligence and Computing, Tianjin University, Tianjin 300072, China;
    4. The 30th Research Institute of China Electronics Technology Group Corporation, Chengdu 610041, China
  • Received:2021-04-29 Revised:2021-07-09 Published:2021-07-27

摘要: 为了增强网络入侵检测模型的准确率与泛化性,提出一种基于引力搜索算法(GSA)与差分进化(DE)算法优化混合核极限学习机(ELM)的网络入侵检测模型。该模型针对采用单个核函数的ELM模型存在的泛化能力弱、学习能力差的问题,结合多项式核函数和径向基函数的优点,构建混合核ELM模型(HKELM),将GSA和DE相结合优化HKELM模型参数,从而提高其在异常检测过程中的全局和局部优化能力,在此基础上利用核主成分分析算法进行入侵检测数据的数据降维和特征抽取,构建网络入侵检测模型KPCA-GSADE-HKELM。在KDD99数据集上的实验结果表明,与KDDwinner、CSVAC、CPSO-SVM、Dendron等模型进行对比,KPCA-GSADE-HKELM模型具有更高的检测精度和更快的检测速度。

关键词: 网络入侵检测, 异常检测, 引力搜索算法, 差分进化算法, 混合核极限学习机, 检测精度

Abstract: To enhance the accuracy and generalization of the network intrusion detection model, this study proposes a network intrusion detection model based on the Gravitational Search Algorithm(GSA) and Differential Evolution(DE) algorithm to optimize the hybrid kernel Extreme Learning Machine (ELM).Aiming to improve the weak generalization and poor learning capabilities of ELM models with single kernel function, this model combines the advantages of a polynomial kernel function and radial basis function to construct the so-called Hybrid Kernel ELM(HKELM) model.Furthermore, GSA and DE are combined to optimize the parameters of HKELM, which improves its global and local optimization ability in anomaly detection.Then, the Kernel Principal Component Analysis(KPCA) algorithm is used for data dimensionality reduction and feature extraction from intrusion detection data.Finally, the proposed approach constructs a network intrusion detection model based on GSA and DE optimized hybrid kernel ELM (KPCA-GSADE-HKELM).Experimental results on the KDD99 dataset demonstrate that KPCA-GSADE-HKELM model achievesa higher detection accuracy and faster detection speed compared with KDDwinner, CSVAC, CPSO-SVM, and Dendron models.

Key words: network intrusion detection, anomaly detection, Gravitational Search Algorithm(GSA), Differential Evolution(DE) algorithm, Hybrid Kernel Extreme Learning Machine(HKELM), accuracy of detection

中图分类号: