摘要: 高维网络数据中的无关属性和冗余属性会导致入侵检测速度慢及效率低下。为解决该问题,提出一种基于快速属性约简的网络入侵特征选择方法。以网络数据的条件属性与类别属性之间的互信息为度量去除无关属性,采用基于粗糙集正区域的属性重要性计算公式作为启发信息,设计一种快速属性约简算法去除网络数据的冗余属性,实现网络入侵特征子集的优化选择。在KDD CUP1999数据集上的仿真实验结果表明,该方法能有效去除网络数据中的无关属性和冗余属性,具有较高的入侵检测率和较低的误报率。
关键词:
互信息,
粗糙集,
属性约简,
特征选择,
网络入侵检测
Abstract: Aiming to problem that independent and redundant attributes of high dimensional network data cause classification algorithms’ slow detection speed and low detection rate in network intrusion detection, this paper presents a feature selection method for network intrusion based on fast attribute reduction. It adopts Mutual Information(MI) between condition and label attributes of network data as measure to discard independent attributes, then a formula for measuring attribute importance based on positive region of rough set is applied as heuristic information to design a fast attribute reduction algorithm, which removes redundant attributes of network data to realize optimal selection of feature subset of network intrusion. Simulation experiment is done in KDDCUP1999. Result shows that the method is more effective in discarding independent and redundancy attributes and it has higher intrusion detection rate and lower false positive rate.
Key words:
Mutual Information(MI),
rough set,
attribute reduction,
feature selection,
network intrusion detection
中图分类号:
牟琦, 龚尚福, 毕孝儒, 厍向阳. 基于快速属性约简的网络入侵特征选择[J]. 计算机工程, 2011, 37(17): 113-115.
MAO Qi, GONG Chang-Fu, BI Xiao-Ru, SHE Xiang-Yang. Network Intrusion Feature Selection Based on Fast Attribute Reduction[J]. Computer Engineering, 2011, 37(17): 113-115.