摘要：

为提高网络入侵检测系统的检测效率、降低数据的不平衡程度，在分析现有重抽样方法的基础上，根据网络入侵检测数据集的特点，提出快速分层最近邻(FHNN)重抽样方法，并在KDD’99数据集上进行实验验证。结果显示，该方法可以较好地删除噪声数据和冗余信息，减小数据的不平衡度和样本总量，而且运行速度快，适用于海量数据中的各类攻击检测。

关键词: 重抽样方法, 非平衡数据, 网络入侵检测, NCL算法, AdaBoost算法

Abstract:

To improve the data processing speed of intrusion detection system and reduce the data imbalance, this paper presents a Fast Hierarchical Nearest Neighbor(FHNN) resampling method by analyzing existing resampling methods commonly and according to the characteristics of network intrusion detection datasets. The novel algorithm experiments with KDD’99 datasets. Experimental results show that this method is efficient in tacking noise and majority class examples. It is a rapid and effective method for detecting many types of threats from massive audit data.

Key words: resampling method, imbalanced data, network intrusion detection, Neighborhood Cleaning Rule(NCL) algorithm, AdaBoost algorithm

中图分类号: 

• TP393.08