基于交叉覆盖算法的入侵检测

文章提出了一种应用人工神经网络进行入侵检测分类器设计的新方法,即采用多层前向网络的交叉覆盖算法进行入侵检测分类器的设计。该算法克服了传统BP算法的收敛速度慢,易陷入局部最小点的问题。实验结果表明,该分类器用于入侵检测,效果良好,学习速度快,分类准确率高,为实现入侵检测分类器提供了一条准确高效的途径。     

Hybrid PSO-based variable translation wavelet neural network and its application to hypoglycemia detection system

To provide the detection of hypoglycemic episodes in Type 1 diabetes mellitus, hypoglycemia detection system is developed by the use of variable translation wavelet neural network (VTWNN) in this paper. A wavelet neural network with variable translation parameter is selected as a suitable classifier because of its excellent characteristics in capturing nonstationary signal analysis and nonlinear function modeling. Due to the variable translation parameters, the network becomes an adaptive network and provides better classification performance. An improved hybrid particle swarm optimization is used to train the parameters of VTWNN. Using the proposed classifier, a sensitivity of 81.40 % and a specificity of 50.91 % were achieved. The comparison results also show that the proposed detection system performs well in terms of good sensitivity and acceptable specificity.     

改进粒子群算法和支持向量机的网络入侵检测

网络入侵检测一直是网络安全领域中的研究热点,针对分类器参数优化难题,为了提高网络入侵检测准确性,提出一种改进粒子群算法和支持向量机相融合的网络入侵检测模型(IPSO-SVM).首先将网络入侵检测率作为目标函数,支持向量机参数作为约束条件建立数学模型,然后采用改进粒子群算法找到支持向量机参数,最后采用支持向量机作为分类器建立入侵检测模型,并在Matlab 2012平台上采用KDD 999数据进行验证性实验.结果表明,IPSO-SVM解决了分类器参数优化难题,获得更优的网络入侵分类器,提高网络入侵检测率,虚警率和漏报率大幅度下降.     

粒子群算法和K近邻相融合的网络入侵检测

为了提高网络入侵检测效果,提出一种粒子群优化算法（PSO）和K最近邻相融（KNN）的网络入侵检测模型（PSO-KNN）。首先特征子集和KNN参数作为一个粒子,然后通过粒子之间的信息交流和相互协作,找到最优特征子集和KNN参数,从而建立最优网络入侵检测模型,最后利用KDD 1999数据集对模型性能进行测试。结果表明,相对于其他入侵检测算法,PSO-KNN更有效地精简网络数据特征,提高分类算法的网络入侵检测速度及检测率。     

Flow-based anomaly detection in high-speed links using modified GSA-optimized neural network

Ever growing Internet causes the availability of information. However, it also provides a suitable space for malicious activities, so security is crucial in this virtual environment. The network intrusion detection system (NIDS) is a popular tool to counter attacks against computer networks. This valuable tool can be realized using machine learning methods and intrusion datasets. Traditional datasets are usually packet-based in which all network packets are analyzed for intrusion detection in a time-consuming process. On the other hand, the recent spread of 1–10-Gbps-technologies have clearly pointed out that scalability is a growing problem. In this way, flow-based solutions can help to solve the problem by reduction of data and processing time, opening the way to high-speed detection on large infrastructures. Besides, NIDS should be capable of detecting new malicious activities. Artificial neural network-based NIDSs can detect unseen attacks, so a multi-layer perceptron (MLP) neural classifier is used in this study to distinguish benign and malicious traffic in a flow-based NIDS. In this way, a modified gravitational search algorithm (MGSA), as a modern heuristic technique, is employed to optimize the interconnection weights of the neural anomaly detector. The proposed scheme is trained using an enhanced version of the first labeled flow-based dataset for intrusion detection introduced in 2009. In addition, the particle swarm optimization (PSO) algorithm and traditional error back-propagation (EBP) algorithm are employed to train MLP, so performance comparison becomes possible. The experimental results based on the actual network data show that the MGSA-optimized neural anomaly detector is effective for monitoring abnormal traffic flows in the gigabytes traffic environment, and the accuracy is about 97.8 %.     

Network intrusion detection based on deep learning model optimized with rule-based hybrid feature selection

ABSTRACT

Network Intrusion Detection System (NIDS) is often used to classify network traffic in an attempt to protect computer systems from various network attacks. A major component for building an efficient intrusion detection system is the preprocessing of network traffic and identification of essential features which is essential for building robust classifier. In this study, a NIDS based on deep learning model optimized with rule-based hybrid feature selection is proposed. The architecture is divided into three phases namely: hybrid feature selection, rule evaluation and detection. Several search methods and attribute evaluators were combined for features selection to enhance experimentation and comparison. The results obtained showed that the number of selected features will not affect the detection accuracy of the feature selection algorithms, but directly proportional to the performance of the base classifier. Results from the performance comparison proved that the proposed method outperforms other related methods with reduction of false alarm rate, high accuracy rate, reduced training and testing time of 1.2%, 98.8%, 7.17s and 3.11s, respectively. Finally, the simulation experiments on standard evaluation metrics showed that the proposed method is suitable for attack classification in NIDS.     

基于BP网络与改进的PSO算法的入侵检测研究

本文针对入侵检测系统中的误检率,提出了一种将BP网络和改进的PSO算法相结合的方法。该方法基于BP网络算法的局部精确搜索和改进的PSO算法的全局搜索的特性,并且用改进的PSO算法优化BP网络的权值、阈值,克服BP网络算法易陷入局部极值的弊端。在入侵检测系统中应用该网络结构,能准确地发现已知的攻击行为,并能进一步预测新的攻击行为,减少了入侵事件的漏报和误报。通过KDD99 CUP数据集进行仿真实验,与基于PSO-BP算法、传统的BP算法的入侵检测系统相比较,表明改进的PSO-BP算法的迭代次数较少、收敛速度快、检测率高,有一定的有效性。     

Genetic-fuzzy rule mining approach and evaluation of feature selection techniques for anomaly intrusion detection

Classification of intrusion attacks and normal network traffic is a challenging and critical problem in pattern recognition and network security. In this paper, we present a novel intrusion detection approach to extract both accurate and interpretable fuzzy IF-THEN rules from network traffic data for classification. The proposed fuzzy rule-based system is evolved from an agent-based evolutionary framework and multi-objective optimization. In addition, the proposed system can also act as a genetic feature selection wrapper to search for an optimal feature subset for dimensionality reduction. To evaluate the classification and feature selection performance of our approach, it is compared with some well-known classifiers as well as feature selection filters and wrappers. The extensive experimental results on the KDD-Cup99 intrusion detection benchmark data set demonstrate that the proposed approach produces interpretable fuzzy systems, and outperforms other classifiers and wrappers by providing the highest detection accuracy for intrusion attacks and low false alarm rate for normal network traffic with minimized number of features.     

A low-complexity hybrid algorithm based on particle swarm and ant colony optimization for large-MIMO detection

With rapid increase in demand for higher data rates, multiple-input multiple-output (MIMO) wireless communication systems are getting increased research attention because of their high capacity achieving capability. However, the practical implementation of MIMO systems rely on the computational complexity incurred in detection of the transmitted information symbols. The minimum bit error rate performance (BER) can be achieved by using maximum likelihood (ML) search based detection, but it is computationally impractical when number of transmit antennas increases. In this paper, we present a low-complexity hybrid algorithm (HA) to solve the symbol vector detection problem in large-MIMO systems. The proposed algorithm is inspired from the two well known bio-inspired optimization algorithms namely, particle swarm optimization (PSO) algorithm and ant colony optimization (ACO) algorithm. In the proposed algorithm, we devise a new probabilistic search approach which combines the distance based search of ants in ACO algorithm and the velocity based search of particles in PSO algorithm. The motivation behind using the hybrid of ACO and PSO is to avoid premature convergence to a local solution and to improve the convergence rate. Simulation results show that the proposed algorithm outperforms the popular minimum mean squared error (MMSE) algorithm and the existing ACO algorithms in terms of BER performance while achieve a near ML performance which makes the algorithm suitable for reliable detection in large-MIMO systems. Furthermore, a faster convergence to achieve a target BER is observed which results in reduction in computational efforts.     

一种结合自适应局部搜索的粒子群优化算法

本文提出一种结合自适应局部搜索的混合粒子群优化算法.该方法在粒子群优化算法的全局搜索过程中,使用能根据当前种群搜索状态自适应地调整局部搜索空间大小的局部搜索算法加强其局部搜索能力.采用了著名的基准函数对算法的性能进行测试,并与其他已有算法进行了比较.结果表明,这种混合粒子群优化算法能获得更高的搜索成功率和质量更好的解,特别在高维复杂函数优化上具有很强的竞争力.     

Evolution of heterogeneous ensembles through dynamic particle swarm optimization for video-based face recognition

In many real-world applications, pattern recognition systems are designed a priori using limited and imbalanced data acquired from complex changing environments. Since new reference data often becomes available during operations, performance could be maintained or improved by adapting these systems through supervised incremental learning. To avoid knowledge corruption and sustain a high level of accuracy over time, an adaptive multiclassifier system (AMCS) may integrate information from diverse classifiers that are guided by a population-based evolutionary optimization algorithm. In this paper, an incremental learning strategy based on dynamic particle swarm optimization (DPSO) is proposed to evolve heterogeneous ensembles of classifiers (where each classifier corresponds to a particle) in response to new reference samples. This new strategy is applied to video-based face recognition, using an AMCS that consists of a pool of fuzzy ARTMAP (FAM) neural networks for classification of facial regions, and a niching version of DPSO that optimizes all FAM parameters such that the classification rate is maximized. Given that diversity within a dynamic particle swarm is correlated with diversity within a corresponding pool of base classifiers, DPSO properties are exploited to generate and evolve diversified pools of FAM classifiers, and to efficiently select ensembles among the pools based on accuracy and particle swarm diversity. Performance of the proposed strategy is assessed in terms of classification rate and resource requirements under different incremental learning scenarios, where new reference data is extracted from real-world video streams. Simulation results indicate the DPSO strategy provides an efficient way to evolve ensembles of FAM networks in an AMCS. Maintaining particle diversity in the optimization space yields a level of accuracy that is comparable to AMCS using reference ensemble-based and batch learning techniques, but requires significantly lower computational complexity than assessing diversity among classifiers in the feature or decision spaces.     

网络社区发现的多目标分解粒子群优化算法

通过分析社会网络中社区发现问题的优化目标,构造了社区发现的多目标优化模型,提出一种网络社区发现的多目标分解粒子群优化算法。该算法采用切比雪夫法将多目标优化问题分解为多个单目标优化子问题,使用粒子群优化(PSO)算法对社区结构进行挖掘,并引入了一种新颖的基于局部搜索的变异策略以提高算法的搜索效率和收敛速度,该算法克服了单目标优化算法存在的解单一以及难以发现社区层次结构的缺陷。人工网络及真实网络上的实验结果表明,该算法能够快速准确地挖掘网络社区并揭示社区的层次结构。     

基于GATS—C4．5的IP流分类

流分类技术在网络安全监控、QoS、入侵检测等应用领域起着重要的作用,是当前研究的热点.提出一种新的特征选择算法GATS-C4.5来构建轻量级的IP流分类器.该算法采用遗传算法与禁忌搜索相混合的搜索策略对特征子集空间进行随机搜索,然后利用提供的数据在CA.5上的分类正确率作为特征子集的评价标准来获取最优特征子集.在IP流数据集上进行了大量的实验,实验结果表明基于GATS-C4.5的流分类器在不影响检测准确度的情况下能够提高检测速度,并且基于GATS-CA.5的IP流分类器与NBK-FCBF(Naive Bayes method with Kereel density estimation after Correlation-Based Filter)相比具有更小的计算复杂性与更高的检测率.     

蜂群算法在网络入侵检测模式中优化研究

基于网络入侵检测的蜂群算法优化模式是一个用于网络入侵检测开发的专用编程接口.基于该编程接口,本文在Linux平台上设计和实现了一个复杂的入侵检测系统.基于网络入侵检测的蜂群算法与差分进化算法（DE）混合,采用双种群结构,两种独立进化,在适当的时候两种群之间进行信息交换,从而在维持种群多样性的同时加速进化过程.为了使初始种群尽可能均匀分布在搜索空间,采用了基于方向学习的策略来初始化种群,从仿真实验看提高种群解的质量.设计了一种简单入侵检测模式的描述语言,对入侵检测的特征数据库进行优化,对网络异常行为进行入侵检测.     

采用信息增益率的混合入侵检测模型设计

针对现有混合入侵检测模型仅定性选取特征而导致检测精度较低的问题，同时为了充分结合误用检测模型和异常检测模型的优势，提出一种采用信息增益率的混合入侵检测模型.首先，利用信息增益率定量地选择特征子集，最大程度地保留样本信息；其次，采用余弦时变粒子群算法确定支持向量机参数构建误用检测模型，使其更好地平衡粒子在全局和局部的搜索能力，然后，选取灰狼算法确定单类支持向量机参数构建异常检测模型，以此来提高对最优参数的搜索效率和精细程度，综合提高混合入侵检测模型对攻击的检测效果；最后，通过两种数据集进行仿真实验，验证了所提混合入侵检测模型具有较好的检测性能.     

基于传感器网络节点配置优化仿真研究

研究无线传感网络节点配置覆盖优化问题。由于无线传感网络存在着热区问题,对网络的覆盖性能造成严重的影响,同时影响网络配置优化。为了有效的提高无线传感网络的覆盖率,提出了一种改进的粒子群算法优化无线网络节点覆盖。针对粒子群算法存在易陷入局部极值和早熟的缺陷,引入遗传算法中的交叉算子和变异算子,优化传感网络节点的混合粒子群算法,在严格确保无线传感器网络连通性的条件下,传感器节点配置数目达到要求的覆盖度,并进行仿真。仿真结果表明混合粒子群算法能快速收敛到更精确的解,使网络节点配置达到覆盖的优化要求。     

Empirical study on multiclass classification‐based network intrusion detection

Early and effective network intrusion detection is deemed to be a critical basis for cybersecurity domain. In the past decade, although a significant amount of work has focused on network intrusion detection, it is still a challenge to establish an intrusion detection system with a high detection rate and a relatively low false alarm rate. In this paper, we have performed a comprehensive empirical study on network intrusion detection as a multiclass classification task, not just to detect a suspicious connection but also to assign the correct type as well. To surpass the previous studies, we have utilized four deep learning models, namely, deep neural networks, long short‐term memory recurrent neural networks, gated recurrent unit recurrent neural networks, and deep belief networks. Our approach relies on the pretraining of the models by exploiting a particle swarm optimization–based algorithm for their hyperparameters selection. In order to investigate the performance differences, we also included two well‐known shallow learning methods, namely, decision forest and decision jungle. Furthermore, we used in our experiments four datasets, which are dedicated to intrusion detection systems to explore various environments. These datasets are KDD CUP 99, NSL‐KDD, CIDDS, and CICIDS2017. Moreover, 22 evaluation metrics are used to assess the model's performance in each of the datasets. Finally, intensive quantitative, Friedman test, and ranking methods analyses of our results are provided at the end of this paper. The results show a significant improvement in the detection of network attacks with our recommended approach.     

基于优化支持向量机的人脸表情分类

分析了支持向量机（support vector machine, SVM）目前主要存在的问题和参数选择对分类性能的影响后, 提出了以改进粒子群算法优化SVM关键参数的优化SVM算法。将加入拥挤度因子的微粒群算法引入到SVM中, 在不牺牲泛化性能的前提下, 对其参数进行优化, 增加了SVM初始化参数的多样性, 减慢了局部搜索, 促进其在全局范围内的寻优搜索, 以有效克服SVM算法过分依赖初始值和容易陷入局部极小值的缺点, 并利用由粗到精的策略构造多层SVM人脸表情分类器, 在提高准确率的基础上加快分类的速度。实验证明, 新算法具有速度快、准确率高的优点。     

混合自适应粒子群算法在电力经济调度中的应用

以电力系统中发电成本最低为目标,结合实际发电运行中系统平衡约束和机组操作约束条件,建立电力经济调度(ED)模型。由于标准粒子群算法存在易陷入局部最优的问题,用这种方法求解ED模型得到的最终结果会不太理想。为此,本文提出一种非线性自适应权重调整策略来增强算法全局搜索和局部搜索能力,首先引入小生境优化种群策略使算法跳出局部最优,然后将这种改进后的混合自适应粒子群算法（HAPSO）应用于求解ED模型。最后,算例分析结果表明本文所改进算法的有效性,提高了求解精度。     

基于GBDT优化算法的局域网入侵定位与检测研究

入侵检测方法可以在局域网攻击造成广泛破坏之前发现攻击,并据此制定相应的防御措施。为保证局域网的运行安全,提出基于GBDT优化算法的局域网入侵定位与检测方法。考虑局域网的组成结构与工作原理,构建局域网数学模型。在该模型下,根据不同入侵类型的攻击原理,设置入侵检测标准。局域网实时运行数据采集与预处理,从时域和频域两个方面提取局域网的运行特征。利用GBDT优化算法构建局域网入侵分类器,匹配局域网运行数据特征,追踪局域网入侵源位置,最终得出入侵源定位与入侵状态、类型的检测结果。通过性能测试实验,发现与传统方法相比,优化设计方法的入侵定位误差降低了5.75m,入侵类型与入侵数量的正确检测率分别提高13.8%和15.4%,即优化设计方法在定位与检测性能方面具有明显优势。