粒子群选择特征和信息增益确定特征权值的入侵检测

为了提高网络入侵检测正确率,提出一种粒子群算法(PSO)选择特征和信息增益(IG)法确定特征权值的网络入侵检测模型(PSO-IG)。首先采用PSO选择网络入侵特征子集,消除冗余特征;然后采用IG法确定特征子集中的特征权重,并采用支持向量机(SVM)建立分类模型;最后采用KDD CUP 99 数据集对PSO-IG的性能进行测试。测试结果表明:PSO-IG消除了冗余特征,降低了输入维数,提高了网络入侵检测速度;通过合理确定特征权值,提高了入侵检测正确率。     

基于相关信息熵和CNN-BiLSTM的工业控制系统入侵检测

入侵检测技术旨在有效地检测网络中异常的攻击,对网络安全至关重要.针对传统的入侵检测方法难以从工业控制系统通信数据中提取有效数据特征的问题,提出一种基于相关信息熵和CNN-BiLSTM的入侵检测模型,该模型将基于相关信息熵的特征选择和融合的深度学习算法相结合,因此能够有效去除噪声冗余,减少计算量,提高检测精度.首先针对不平衡样本等问题进行相应预处理,并通过基于相关信息熵的算法进行特征选择,达到去除噪声数据和冗余特征的目的;然后分别运用卷积神经网络(CNN)和双向长短期记忆神经网络(BiLSTM)从时间和空间维度提取数据特征,通过多头注意力机制进行特征融合,进而得出最终检测结果;最后通过单一变量原则和交叉验证方式获得最优的模型.通过与其他传统入侵检测方法实验对比得出：该模型具有更高的准确率(99.21%)和较低的漏报率(0.77%).     

基于ACO-FS-SVM特征选择加权的网络入侵分类方法

特征选择和分类器设计是网络入侵分类的关键,为了提高网络入侵分类率,针对特征选择问题,提出一种蚁群算法优化SVM选择和加权特征的网络入侵分类方法.首先利用支持向量机的分类精度和特征子集维数加权构造了综合适应度指标,然后利用蚁群算法的全局寻优和多次优解搜索能力实现特征子集搜索;然后选择网络数据的关键特征,计算信息增益获得各个特征权重,并根据特征权重构建加权支持向量机的网络入侵分类器;最后设计了局部细化搜索方式,使得特征选择结果不含冗余特征的同时提高了算法的收敛性,并通过KDD1999数据集验证了算法有效性.结果表明,ACO-SVM有效降低了特征维数,提高了网络入侵检测正确率和检测速度.     

基于遗传算法的入侵检测特征选择*

针对入侵检测日志数据存在大量不相关特征和冗余特征,导致入侵检测数据集维数较高,检测算法实时性较低的问题,提出一种基于遗传算法的入侵检测特征选择算法。首先删除入侵检测数据集中的不相关特征及冗余特征,构建有效特征集L,并通过偏F检验对特征进一步选择,构成待优化特征集L’;然后采用遗传算法对L’进行优化选择,选出最能反映系统状态的特征集L″。仿真实验结果证明,该算法在保证特征分类精度和确保入侵检测漏检率、误检率尽量小的前提下明显提高了入侵检测的效率。     

一种基于多层次知识库入侵检测系统的设计

知识库是一个入侵检测系统中关键的一部分,它直接影响到入侵检测系统(Intrusion Detection System,IDS)的效率、精度、速度.本文提出了一种多层次知识库入侵检测系统,有效提高了原有IDS的检测效率.并举例说明了如何通过协议分析提取特征值来组建知识库的方法.     

基于支持向量机的入侵检测系统的优化

本文关注基于支持向量机算法的入侵检测系统的优化问题.首先,介绍一个简单的基于单SVM的入侵检测系统.然后,推荐一种对输入特征进行重要性排序的方法.最后,根据分类结果,提出基于多SVMs的入侵检测系统模型.     

一种轻量级入侵检测技术

入侵检测系统需要处理大量冗余与无关数据,使得系统耗用的计算资源很大,导致系统训练时间长、实时性差、检测效果不佳.提出一种轻量级的入侵检测技术,该技术首先采用快速相关性特征选择方法消除冗余及无关特征,然后采用主成分分析对特征进行抽取.实验结果表明,此方法能够大量消减入侵检测系统需要处理的数据量,有效提升了系统性能.     

基于粗糙集数据挖掘和分类集成学习的网络入侵检测模型

基于多个特征或多个模型的集成（Ensemble）学习技术是智能网络入侵检测的重要研究方向,在现有研究基础上提出基于粗糙集分类、模型分发和攻击归类检测,并加以集成的学习式网络入侵检测模型,该模型不仅能提高网络入侵检测系统检测率,同时还结合了粗糙集能处理不确定信息、生成规则具有高解释性、特征排序在获得检测规则前完成等优点。     

基于Fisher分和支持向量机的特征选择算法

网络入侵数据集中存在的大量冗余和噪声特征严重影响检测系统的性能。针对该问题,提出一种基于Fisher分和支持向量机的入侵特征选择算法。通过对各维特征的Fisher分值排序,结合支持向量机分类算法,建立特征分类模型,筛选出具有最高检测率与误码率比值的最优特征组合。仿真结果表明,该算法筛选出的特征组合具有较高的检测率和较低的误码率,有效降低了检测系统的建模时间和测试时间,提高了系统性能。     

面向入侵检测的基于多目标遗传算法的特征选择

针对刻画网络行为的特征集中存在着不相关或冗余特征,从而导致入侵检测性能下降的问题,本文提出了一种基于多目标遗传算法的特征选择方法,将入侵检测中的特征选择问题视为多目标优化问题来处理。实验结果表明,该方法能够实现检测精度与检测算法复杂性的均衡优化,在显著提高检测算法效率的同时,检测精度也有所提高。     

Decision tree based light weight intrusion detection using a wrapper approach

The objective of this paper is to construct a lightweight Intrusion Detection System (IDS) aimed at detecting anomalies in networks. The crucial part of building lightweight IDS depends on preprocessing of network data, identifying important features and in the design of efficient learning algorithm that classify normal and anomalous patterns. Therefore in this work, the design of IDS is investigated from these three perspectives. The goals of this paper are (i) removing redundant instances that causes the learning algorithm to be unbiased (ii) identifying suitable subset of features by employing a wrapper based feature selection algorithm (iii) realizing proposed IDS with neurotree to achieve better detection accuracy. The lightweight IDS has been developed by using a wrapper based feature selection algorithm that maximizes the specificity and sensitivity of the IDS as well as by employing a neural ensemble decision tree iterative procedure to evolve optimal features. An extensive experimental evaluation of the proposed approach with a family of six decision tree classifiers namely Decision Stump, C4.5, Naive Baye’s Tree, Random Forest, Random Tree and Representative Tree model to perform the detection of anomalous network pattern has been introduced.     

An intelligent algorithm with feature selection and decision rules applied to anomaly intrusion detection

Intrusion detection system (IDS) is to monitor the attacks occurring in the computer or networks. Anomaly intrusion detection plays an important role in IDS to detect new attacks by detecting any deviation from the normal profile. In this paper, an intelligent algorithm with feature selection and decision rules applied to anomaly intrusion detection is proposed. The key idea is to take the advantage of support vector machine (SVM), decision tree (DT), and simulated annealing (SA). In the proposed algorithm, SVM and SA can find the best selected features to elevate the accuracy of anomaly intrusion detection. By analyzing the information from using KDD’99 dataset, DT and SA can obtain decision rules for new attacks and can improve accuracy of classification. In addition, the best parameter settings for the DT and SVM are automatically adjusted by SA. The proposed algorithm outperforms other existing approaches. Simulation results demonstrate that the proposed algorithm is successful in detecting anomaly intrusion detection.     

Comparative study for feature selection algorithms in intrusion detection system

The Intrusion Detection System (IDS) deals with the huge amount of network data that includes redundant and irrelevant features causing slow training and testing procedure, higher resource usage and poor detection ratio. Feature selection is a vital preprocessing step in intrusion detection. Hence, feature selec-tion is an essential issue in intrusion detection and need to be addressed by selec-ting the appropriate feature selection algorithm. A major challenge to select the optimal feature selection methods can precisely calculate the relevance of fea-tures to the detection process and the redundancy among features. In this paper, we study the concepts and algorithms used for feature selection algorithms in the IDS. We conclude this paper by identifying the best feature selection algorithm to select the important and useful features from the network dataset.     

名词引导局部特征提取的基于文本的实例分割方法

局部特征信息在图像分割中扮演着重要角色,然而基于文本的实例分割任务具有对输入文本表达式的依赖性,无法直接从原始的输入图像中提取局部特征信息。针对这一问题,提出了一种具体的名词引导局部特征提取的深度神经网络模型(NgLFNet),NgLFNet模型可根据输入文本表达式中的关键名词来自动挖掘待分割对象的局部特征信息。具体地,该模型首先通过语句分析得到关键名词;其次通过文本和图像编码器提取相应特征,并利用关键名词通过多头注意力机制获取高关注区域局部特征;然后逐步融合多模态特征;最后在解码修正模块利用得到的局部特征对预测掩膜进行更细致的修正,从而得到最终结果。将该方法与多种主流基于文本的实例分割方法进行对比,实验结果表明该方法提升了分割效果。     

Genetic-based Fuzzy IDS for Feature Set Reduction and Worm Hole Attack Detection

The wireless ad-hoc networks are decentralized networks with a dynamic topology that allows for end-to-end communications via multi-hop routing operations with several nodes collaborating themselves, when the destination and source nodes are not in range of coverage. Because of its wireless type, it has lot of security concerns than an infrastructure networks. Wormhole attacks are one of the most serious security vulnerabilities in the network layers. It is simple to launch, even if there is no prior network experience. Signatures are the sole thing that preventive measures rely on. Intrusion detection systems (IDS) and other reactive measures detect all types of threats. The majority of IDS employ features from various network layers. One issue is calculating a huge layered features set from an ad-hoc network. This research implements genetic algorithm (GA)-based feature reduction intrusion detection approaches to minimize the quantity of wireless feature sets required to identify worm hole attacks. For attack detection, the reduced feature set was put to a fuzzy logic system (FLS). The performance of proposed model was compared with principal component analysis (PCA) and statistical parametric mapping (SPM). Network performance analysis like delay, packet dropping ratio, normalized overhead, packet delivery ratio, average energy consumption, throughput, and control overhead are evaluated and the IDS performance parameters like detection ratio, accuracy, and false alarm rate are evaluated for validation of the proposed model. The proposed model achieves 95.5% in detection ratio with 96.8% accuracy and produces very less false alarm rate (FAR) of 14% when compared with existing techniques.     

Hybrid flexible neural‐tree‐based intrusion detection systems

An intrusion is defined as a violation of the security policy of the system, and, hence, intrusion detection mainly refers to the mechanisms that are developed to detect violations of system security policy. Current intrusion detection systems (IDS) examine all data features to detect intrusion or misuse patterns. Some of the features may be redundant or contribute little (if anything) to the detection process. The purpose of this study is to identify important input features in building an IDS that is computationally efficient and effective. This article proposes an IDS model based on a general and enhanced flexible neural tree (FNT). Based on the predefined instruction/operator sets, a flexible neural tree model can be created and evolved. This framework allows input variables selection, overlayer connections, and different activation functions for the various nodes involved. The FNT structure is developed using an evolutionary algorithm, and the parameters are optimized by a particle swarm optimization algorithm. Empirical results indicate that the proposed method is efficient. © 2007 Wiley Periodicals, Inc. Int J Int Syst 22: 337–352, 2007.     

Multivariate correlation coefficient and mutual information-based feature selection in intrusion detection

Feature selection is one of the major problems in an intrusion detection system (IDS) since there are additional and irrelevant features. This problem causes incorrect classification and low detection rate in those systems. In this article, four feature selection algorithms, named multivariate linear correlation coefficient (MLCFS), feature grouping based on multivariate mutual information (FGMMI), feature grouping based on linear correlation coefficient (FGLCC), and feature grouping based on pairwise MI, are proposed to solve this problem. These algorithms are implementable in any IDS. Both linear and nonlinear measures are used in the sense that the correlation coefficient and the multivariate correlation coefficient are linear, whereas the MI and the multivariate MI are nonlinear. Least Square Support Vector Machine (LS-SVM) as an intrusion classifier is used to evaluate the selected features. Experimental results on the KDDcup99 and Network Security Laboratory-Knowledge Discovery and Data Mining (NSL) datasets showed that the proposed feature selection methods have a higher detection and accuracy and lower false-positive rate compared with the pairwise linear correlation coefficient and the pairwise MI employed in several previous algorithms.     

基于GPU和特征选择的SVM入侵检测模型

基于支持向量机的入侵检测模型检测效率较低,为此,提出一种基于图形处理器(GPU)和特征选择的入侵检测模型。在入侵检测过程中,采用基于GPU的并行计算模型进行训练,并对样本的特征进行合理选择,从而提高检测效率。实验结果表明,在保证系统性能的情况下,该模型可以缩短训练时间。     

用于网络入侵检测的多尺度卷积CNN模型

鉴于卷积神经网络在计算机视觉等诸多领域取得的巨大成就,提出一种将多尺度卷积神经网络应用到网络入侵检测领域的方法。该方法将IDS中的网络数据转化成卷积神经网络能够输入的数据,利用不同尺度卷积核对大量高维无标签原始数据进行不同层次特征提取,再采用BN方法优化网络结构学习率,从而获得原始数据的最优特征表示。实验采用 KDDcup99数据集进行实验测试,与经典的模型相比,结果表明MSCNN模型不仅收敛速度快,而且误检率平均降低4.02%,准确率平均提高4.38%。因此MSCNN方法是一种可行且高效的方法,为网络入侵检测系统领域提供一种全新的思路。     

一种新的基于协议树的入侵检测系统的设计

基于协议分析的入侵检测系统避免了传统入侵检测系统的计算量大、准确率低的缺陷。在协议分析的基础上,提出了一种基于带权重协议树的入侵检测系统,给出了其设计方案,该方案进一步提高了检测的准确性和效率,并且可以检测变体攻击、拒绝服务攻击等较难检测的攻击。