基于CanpoySMOTE和自适应学习的入侵检测方法研究

提出了一种基于Canopy与人工合成少数类别过采样技术（CSMOTE）和自适应增强学习（AdaBoostM1）的入侵检测分类方法，以有效减少入侵检测模型因训练数据集攻击类型不均衡而导致的分类误差，提高分类准确率。通过Canopy聚类消除训练集中的孤立点或噪音点，减少训练集噪声；并在预处理时通过SMOTE增加少数类别的样本数量，构造类间平衡的平衡数据集，然后在平衡数据集上用AdaBoosM1训练得到分类器。与在原始训练集上训练的分类器相比，该方法在保持整体准确率高的情况下，少数类别U2R攻击的准确率提升20%，R2L攻击的准确率提升5%，同时平均漏报率降低9%，实验结果表明该方法可以有效提升少数类别准确率，降低平均漏报率，能有效地解决网络入侵检测少数类误分类问题。

Research on Intrusion Detection Method Based on CanpoySMOTE and Adaptive Learning

An intrusion detection classification method based on Canopy artificial synthesis minority class oversampling technology (SMOTE) and adaptive enhanced learning (AdaBoostM1) was proposed to effectively reduce the classification error caused by the uneven attack types in the training dataset of the intrusion detection model and improve the classification accuracy.Eliminate outliers or noise points in the training set by Canopy clustering to reduce the noise of the training set.In the pretreatment, the number of samples of a few categories was increased by means of SMOTE to construct the balanced dataset with inter-class balance, and then the classifier was trained on the balanced dataset with AdaBoosM1.And on the original training set training classifier, compared to the method in keeping the overall accuracy is high, a few categories U2R attacks up 20% accuracy and R2L accuracy of 5% increased attack, at the same time non-response rates by 9% on average, the experimental results show the method can effectively improve classification accuracy, reduce the average non-response rates, effectively solve the network intrusion detection a few kinds of classification problem.