采用信息增益率的混合入侵检测模型设计

针对现有混合入侵检测模型仅定性选取特征而导致检测精度较低的问题,同时为了充分结合误用检测模型和异常检测模型的优势,提出一种采用信息增益率的混合入侵检测模型.首先,利用信息增益率定量地选择特征子集,最大程度地保留样本信息;其次,采用余弦时变粒子群算法确定支持向量机参数构建误用检测模型,使其更好地平衡粒子在全局和局部的搜索能力,然后,选取灰狼算法确定单类支持向量机参数构建异常检测模型,以此来提高对最优参数的搜索效率和精细程度,综合提高混合入侵检测模型对攻击的检测效果;最后,通过两种数据集进行仿真实验,验证了所提混合入侵检测模型具有较好的检测性能.

Design of Hybrid Intrusion Detection Model Utilizing Information Gain Rate

Considering the problem that the existing hybrid intrusion detection methods only select characteristics qualitatively, which leads to a low detection efficiency, we propose a hybrid intrusion detection model that combines the advantages of misuse detection model and anomaly detection model and that utilizes the information gain rate. First, we use the information gain rate to quantitatively select the feature subset and maximize the retention of sample information. Second, to balance the global and local search ability, we use a cosine time-varying particle swarm optimization algorithm to determine the support vector machine (SVM) parameters to construct the misuse detection model. Then, by using the gray wolf optimizer to improve the search efficiency, we construct an anomaly detection model in order to obtain more reasonable parameters of the one-class SVM, and to enhance the comprehensively detection results of the hybrid model on the attack. Finally, the simulation experiment of two datasets show that the proposed hybrid intrusion detection model has better detection performance than the existing methods.