基于小样本标记实例的数据流集成入侵检测模型

基于监督学习的异常入侵检测算法通常面临着训练样本不足的问题,同时,对整个历史数据集进行等同学习,没有充分考虑到网络数据模式随时间变化的特点.本文提出了一种基于小样本标记实例的数据流集成入侵检测模型,对小样本的标记数据集进行扩展,解决了训练样本不足的问题,并能够充分适应网络数据模式随时间变化的特点.实验结果表明,在小样本标记实例情况下,算法的检测性能明显优于基于所有历史数据进行入侵检测的结果.

A Streaming Ensemble Intrusion Detection Model Based on Small Labeled Data

Existing anomaly intrusion detection algorithms based on supervised learning usually face difficulties when the training samples are insufficient. At the same time, the characteristics that the pattern of network traffic is changing over time are not considered adequately by the intrusion detection algorithms which are based on the equivalent learning of all historical dataset. So, a streaming ensemble intrusion detection model based on small labeled data is presented, in which a small labeled dataset is extended to work out the problem of the insufficiency of training samples. In addition, it can adapt to the changes of network traffic adequately. The experimental results manifest that the algorithm has better detection performance than those based on all historical data while the size of labeled dataset is very small.