Adaptive network intrusion detection based on fuzzy rough set-based attribute reduction and GMM-LDA-based optimal cluster feature learning
  • Authors: LIU Jin-ping; ZHANG Wu-xia; TANG Zhao-hui; HE Jie-zhou; XU Peng-fei
  • Affiliations: College of Information Science and Engineering, Hu'nan Normal University; Key Laboratory of Computing and Stochastic Mathematics, Ministry of Education, Hu'nan Normal University; School of Information Science and Engineering, Central South University
  • Keywords: intrusion detection; GMM clustering; pattern matching; fuzzy rough set; information gain; model updating
  • Journal code: KZYC
  • Journal: Control and Decision
  • Publication date: 2018-10-13 09:04
  • Publisher: Control and Decision
  • Year: 2019
  • Issue: v.34
  • Funding: National Natural Science Foundation of China (61501183, U1701261, 61771492); Natural Science Foundation of Hunan Province (2018JJ3349); Open Fund of the Key Laboratory of Image Information Processing and Intelligent Control, Ministry of Education (Huazhong University of Science and Technology) (IPIC2017-03)
  • Language: Chinese
  • Page: KZYC201902003
  • Number of pages: 9
  • CN: 02
  • ISSN: 21-1124/TP
  • Classification number: 22-30
Abstract
Network intrusions are increasingly diverse, highly concealed and quick to mutate, so developing real-time network security monitoring systems with high flexibility and strong adaptability still faces severe challenges. To address this, an adaptive network intrusion detection (ANID) method is proposed, based on fuzzy rough set attribute reduction (FRS-AR) and Gaussian mixture model and linear discriminant analysis (GMM-LDA) optimal cluster feature learning (GMM-LDA-OCFL). First, an attribute reduction (AR) method based on the information gain ratio in fuzzy rough set (FRS) theory is introduced to select the optimal attribute set of the network connection data. Then, an optimal cluster feature learning method based on GMM-LDA is proposed to obtain the optimal feature representation of the normal pattern feature library and the intrusion pattern library. At the same time, an adaptive online update mechanism for the normal (abnormal) pattern feature library is introduced, so that the detection model can adapt itself to dynamic changes in the network environment. Intrusion detection results on the KDD99 dataset and on a Nidsbench-based network virtual simulation platform show that the proposed ANID method adapts effectively to dynamic changes of the network environment and detects various intrusion behaviors in real network connection data in real time. Its performance is better than that of currently common intrusion detection methods, and it has wide application prospects.
