基于邻域粗糙集的入侵检测集成算法

入侵检测领域的数据往往具有高维性及非线性特点,且其中含有大量的噪声、冗余及连续型属性,这就使得一般的模式分类方法不能对其进行有效的处理。为了进一步提高入侵检测效果,提出了基于邻域粗糙集的入侵检测集成算法。采用Bagging技术产生多个具有较大差异性的训练子集,针对入侵检测数据的连续型特点,在各训练子集上使用具有不同半径的邻域粗糙集模型进行属性约简,消除冗余与噪声,实现属性约简以提高属性子集的分类性能,同时也获得具有更大差异性的训练子集,采用SVM为分类器训练多个基分类器,以各基分类器的检测精度构造权重进行加权集成。KDD99数据集的仿真实验结果表明,该算法能有效地提高入侵检测的精度和效率,具有较高的泛化性和稳定性。     

基于人工免疫分类器的入侵检测方法

针对入侵检测系统准确率不高和难以检测未知攻击的缺点,将有限资源人工免疫分类器模型算法AIRS应用于入侵检测系统.首先从KDD CUP 99数据集中选取出部分正常数据和攻击数据,对AIRS算法进行训练.然后根据训练得到的模型,对包含己知攻击和未知攻击的不同异常类比的数据集进行测试.实验结果表明:AIRS算法对已知攻击的检测率大大提高,对未知攻击的识别率也有很大的提高.     

基于集成神经网络技术的IDS入侵检测系统研究

网络入侵检测是近几年信息安全领域的研究热点。为了提高网络入侵检测系统中异常数据检测的精度、降低漏报率和误报率,维护网络系统安全,该文提出了一种基于Adaboost算法集成BP神经网络的网络入侵检测方法。该方法首先构造个体BP神经网络模型,个体BP神经网络为弱分类器即可,然后通过大量训练样本对模型进行训练,采用Adaboost算法对其弱分类器进行集成构造强分类器模型。最后在KDD 99数据集上,通过Matlab软件进行仿真实验,实验结果表明,该方法能有效的提高异常数据检测的精度。     

基于遗传规划集成学习的网络作弊检测

网络作弊检测是搜索引擎的重要挑战之一,该文提出基于遗传规划的集成学习方法 (简记为GPENL)来检测网络作弊。该方法首先通过欠抽样技术从原训练集中抽样得到t个不同的训练集;然后使用c个不同的分类算法对t个训练集进行训练得到t*c个基分类器;最后利用遗传规划得到t*c个基分类器的集成方式。新方法不仅将欠抽样技术和集成学习融合起来提高非平衡数据集的分类性能,还能方便地集成不同类型的基分类器。在WEBSPAM-UK2006数据集上所做的实验表明无论是同态集成还是异态集成,GPENL均能提高分类的性能,且异态集成比同态集成更加有效;GPENL比AdaBoost、Bagging、RandomForest、多数投票集成、EDKC算法和基于Prediction Spamicity的方法取得更高的F-度量值。     

集成学习在网络入侵检测中的实验研究

针对现有的网络入侵检测算法对少数类攻击的检测存在高误报率和漏报率的问题,在对稀有类分类技术研究的基础上,将集成学习应用到入侵检测中。采用基于负载均衡策略的入侵检测模型,把网络数据包按协议类型进行分流,对每个子集用AdaBoost算法提升C4．5弱分类器的方法进行分类,在KDD’99数据集上进行仿真实验,结果表明该方法可有效提高系统的检测率。     

基于ACO-FS-SVM特征选择加权的网络入侵分类方法

特征选择和分类器设计是网络入侵分类的关键,为了提高网络入侵分类率,针对特征选择问题,提出一种蚁群算法优化SVM选择和加权特征的网络入侵分类方法.首先利用支持向量机的分类精度和特征子集维数加权构造了综合适应度指标,然后利用蚁群算法的全局寻优和多次优解搜索能力实现特征子集搜索;然后选择网络数据的关键特征,计算信息增益获得各个特征权重,并根据特征权重构建加权支持向量机的网络入侵分类器;最后设计了局部细化搜索方式,使得特征选择结果不含冗余特征的同时提高了算法的收敛性,并通过KDD1999数据集验证了算法有效性.结果表明,ACO-SVM有效降低了特征维数,提高了网络入侵检测正确率和检测速度.     

粒子群优化支持向量机的入侵检测算法

为了提高网络入侵的检测正确率,针对网络入侵检测中特征选择问题,将二值粒子群优化算法(BPSO)用于网络入侵特征选择,结合支持向量机(SVM)提出了一种基于BPSO-SVM的网络入侵检测算法。该算法将网络入侵检测转化为多分类问题,采用wrapper特征选择模型,以SVM为分类器,通过样本训练分类器,根据分类结果,利用BPSO算法在特征空间中进行全局搜索,选择最优特征集进行分类。实验结果表明,BPSO-SVM有效降低了特征维数,显著提高了网络入侵的检测正确率,还大大缩短了检测时间。     

基于属性约简与半监督协同训练的入侵检测算法

入侵检测数据具有信息冗余量大、标记数据难以获得等特点。传统入侵检测方法难以消除冗余信息并且需要大量已标记样本做训练集,导致检测效率降低,实用性下降。为了解决上述问题,提出一种结合属性约简与半监督协同训练的算法。该算法充分发挥了大量未标记样本的监督作用。首先将入侵数据进行属性约简,利用约简结果建立一个支持向量机(SVM)基分类器,然后将其与另外两个SVM辅助分类器做协同训练。如此,分类器界面得到反复修正,分类器的性能逐步得到改善,最终分类精度得到明显提高。在入侵检测数据集KDDCUP99上的仿真实验结果表明,该算法不仅可以提高检测精度,同时还具有良好的可行性、稳定性。     

AdaBoost算法在网络入侵检测中的实验研究

提高入侵检测系统的检测率并降低误报率是一个重要的研究课题。在对稀有类分类问题研究的基础上,将集成学习应用到入侵检测中,采用对高速网络数据进行分流的检测模型,把网络数据包按照协议类型进行分类,然后交给各个检测器,每个检测器以C4.5分类器作为弱分类器,用集成学习AdaBoost算法构造一个加强的总检测函数。进一步用SMOTE技术合成稀有类,在KDD‘99数据集上进行了仿真实验,结果表明这种方法可有效提高稀有类的检测率。     

面向软件定义网络架构的入侵检测模型设计与实现

针对传统入侵检测方法无法检测软件定义网络（SDN）架构的特有攻击行为的问题,设计一种基于卷积神经网络（CNN）的入侵检测模型。首先,基于SDN流表项设计了特征提取方法,通过采集SDN特有攻击样本形成攻击流表数据集;然后,采用CNN进行训练和检测,并针对SDN攻击样本量较小而导致的识别率低的问题,设计了一种基于概率的加强训练方法。实验结果表明,所提的入侵检测模型可以有效检测面向SDN架构的特有攻击,具有较高的准确率,所提的基于概率的加强学习方法能有效提升小概率攻击的识别率。     

On the Complexity of Function Learning

The majority of results in computational learning theory are concerned with concept learning, i.e. with the special case of function learning for classes of functions with range {0, 1}. Much less is known about the theory of learning functions with a larger range such as or . In particular relatively few results exist about the general structure of common models for function learning, and there are only very few nontrivial function classes for which positive learning results have been exhibited in any of these models.We introduce in this paper the notion of a binary branching adversary tree for function learning, which allows us to give a somewhat surprising equivalent characterization of the optimal learning cost for learning a class of real-valued functions (in terms of a max-min definition which does not involve any learning model).Another general structural result of this paper relates the cost for learning a union of function classes to the learning costs for the individual function classes.Furthermore, we exhibit an efficient learning algorithm for learning convex piecewise linear functions from ^d into . Previously, the class of linear functions from ^d into was the only class of functions with multidimensional domain that was known to be learnable within the rigorous framework of a formal model for online learning.Finally we give a sufficient condition for an arbitrary class of functions from into that allows us to learn the class of all functions that can be written as the pointwise maximum ofk functions from . This allows us to exhibit a number of further nontrivial classes of functions from into for which there exist efficient learning algorithms.     

Transfer in variable-reward hierarchical reinforcement learning

Transfer learning seeks to leverage previously learned tasks to achieve faster learning in a new task. In this paper, we consider transfer learning in the context of related but distinct Reinforcement Learning (RL) problems. In particular, our RL problems are derived from Semi-Markov Decision Processes (SMDPs) that share the same transition dynamics but have different reward functions that are linear in a set of reward features. We formally define the transfer learning problem in the context of RL as learning an efficient algorithm to solve any SMDP drawn from a fixed distribution after experiencing a finite number of them. Furthermore, we introduce an online algorithm to solve this problem, Variable-Reward Reinforcement Learning (VRRL), that compactly stores the optimal value functions for several SMDPs, and uses them to optimally initialize the value function for a new SMDP. We generalize our method to a hierarchical RL setting where the different SMDPs share the same task hierarchy. Our experimental results in a simplified real-time strategy domain show that significant transfer learning occurs in both flat and hierarchical settings. Transfer is especially effective in the hierarchical setting where the overall value functions are decomposed into subtask value functions which are more widely amenable to transfer across different SMDPs.     

Learning from a Population of Hypotheses

We introduce a new formal model in which a learning algorithm must combine a collection of potentially poor but statistically independent hypothesis functions in order to approximate an unknown target function arbitrarily well. Our motivation includes the question of how to make optimal use of multiple independent runs of a mediocre learning algorithm, as well as settings in which the many hypotheses are obtained by a distributed population of identical learning agents.     

The Power of Self-Directed Learning

This article studies self-directed learning, a variant of the on-line (or incremental) learning model in which the learner selects the presentation order for the instances. Alternatively, one can view this model as a variation of learning with membership queries in which the learner is only charged for membership queries for which it could not predict the outcome. We give tight bounds on the complexity of self-directed learning for the concept classes of monomials, monotone DNF formulas, and axis-parallel rectangles in {0, 1, , n – 1} ^d . These results demonstrate that the number of mistakes under self-directed learning can be surprisingly small. We then show that learning complexity in the model of self-directed learning is less than that of all other commonly studied on-line and query learning models. Next we explore the relationship between the complexity of self-directed learning and the Vapnik-Chervonenkis (VC-)dimension. We show that, in general, the VC-dimension and the self-directed learning complexity are incomparable. However, for some special cases, we show that the VC-dimension gives a lower bound for the self-directed learning complexity. Finally, we explore a relationship between Mitchell's version space algorithm and the existence of self-directed learning algorithms that make few mistakes.     

Toward Efficient Agnostic Learning

In this paper we initiate an investigation of generalizations of the Probably Approximately Correct (PAC) learning model that attempt to significantly weaken the target function assumptions. The ultimate goal in this direction is informally termed agnostic learning, in which we make virtually no assumptions on the target function. The name derives from the fact that as designers of learning algorithms, we give up the belief that Nature (as represented by the target function) has a simple or succinct explanation. We give a number of positive and negative results that provide an initial outline of the possibilities for agnostic learning. Our results include hardness results for the most obvious generalization of the PAC model to an agnostic setting, an efficient and general agnostic learning method based on dynamic programming, relationships between loss functions for agnostic learning, and an algorithm for a learning problem that involves hidden variables.     

一种新的连续动作集学习自动机

学习自动机（Learning automation,LA）是一种自适应决策器。其通过与一个随机环境不断交互学习从一个允许的动作集里选择最优的动作。在大多数传统的LA模型中,动作集总是被取作有限的。因此,对于连续参数学习问题,需要将动作空间离散化,并且学习的精度取决于离散化的粒度。本文提出一种新的连续动作集学习自动机（Continuous action set learning automaton,CALA）,其动作集为一个可变区间,同时按照均匀分布方式选择输出动作。学习算法利用来自环境的二值反馈信号对动作区间的端点进行自适应更新。通过一个多模态学习问题的仿真实验,演示了新算法相对于3种现有CALA算法的优越性。     

Context counts: How learners' contexts influence learning in a MOOC

Massive Open Online Courses (MOOCs) require individual learners to self-regulate their own learning, determining when, how and with what content and activities they engage. However, MOOCs attract a diverse range of learners, from a variety of learning and professional contexts. This study examines how a learner's current role and context influences their ability to self-regulate their learning in a MOOC: Introduction to Data Science offered by Coursera. The study compared the self-reported self-regulated learning behaviour between learners from different contexts and with different roles. Significant differences were identified between learners who were working as data professionals or studying towards a higher education degree and other learners in the MOOC. The study provides an insight into how an individual's context and role may impact their learning behaviour in MOOCs.     

Indexing,Elaboration and Refinement: Incremental Learning of Explanatory Cases

This article describes how a reasoner can improve its understanding of an incompletely understood domain through the application of what it already knows to novel problems in that domain. Case-based reasoning is the process of using past experiences stored in the reasoner's memory to understand novel situations or solve novel problems. However, this process assumes that past experiences are well understood and provide good lessons to be used for future situations. This assumption is usually false when one is learning about a novel domain, since situations encountered previously in this domain might not have been understood completely. Furthermore, the reasoner may not even have a case that adequately deals with the new situation, or may not be able to access the case using existing indices. We present a theory of incremental learning based on the revision of previously existing case knowledge in response to experiences in such situations. The theory has been implemented in a case-based story understanding program that can (a) learn a new case in situations where no case already exists, (b) learn how to index the case in memory, and (c) incrementally refine its understanding of the case by using it to reason about new situations, thus evolving a better understanding of its domain through experience. This research complements work in case-based reasoning by providing mechanisms by which a case library can be automatically built for use by a case-based reasoning program.     

不同程度的监督机制在自动文本分类中的应用

自动文本分类技术涉及信息检索、模式识别及机器学习等领域。本文以监督的程度为线索，综述了分属全监督，非监督以及半监督学习策略的若干方法-NBC(Naive Bayes Classifier)，FCM(Fuzzy C-Means)，SOM(Self-Organizing Map)，ssFCM(serni-supervised Fuzzy C-Means)gSOM(guided Self-Organizing Map)，并应用于文本分类中。其中，gSOM是我们在SOM基础上发展得到的半监督形式。并以Reuters-21578为语料，研究了监督程度对分类效果的影响，从而提出了对实际文本分类工作的建议。