基于KELM选择性集成的复杂网络环境入侵检测

doi:10.3969/j.issn.0372-2112.2019.05.014

摘要
图/表
参考文献(0)
相关文章 (11)

全文: PDF (779 KB) HTML (1 KB)
输出: BibTeX | EndNote (RIS)

摘要为解决复杂网络环境网络入侵事件特征复杂多变、新型入侵检测度低、检测时间长、难以实现实时检测的问题，本文提出一种基于核极限学习机（Kernel Extreme Learning Machine，KELM）选择性集成的网络入侵检测方法（SEoKELM-NID）.该方法采用Bagging策略独立快速训练出多个KELM子学习器；然后基于边缘距离最小化（Margin Distance Minimization，MDM）准则对KELM子学习器的集成增益进行度量，通过选择增益度高的部分KELM子学习器进行选择性集成，获得泛化能力强、效率高的选择性集成学习器；同时，引入一种基于批量样本增量学习的KELM子分类器在线更新策略，实现入侵检测模型的在线更新，使SEoKELM-NID能有效适应复杂网络环境的变化.在KDD99数据集和一个以太网和无线网络混合的复杂网络仿真实验平台上进行了仿真实验验证，结果表明，SEoKELM-NID相比基于单个学习器以及传统集成学习的网络入侵检测方法具有更好的识别准确性以及更快的识别速度，特别对于未知的网络入侵连接事件响应速度快、漏报率低.

	服务

	把本文推荐给朋友
	加入我的书架
	加入引用管理器
	E-mail Alert
	RSS
	作者相关文章
	刘金平
	何捷舟
	马天雨
	张五霞
	唐朝晖
	徐鹏飞

关键词 ：网络入侵检测, 极限学习机(ELM), 异常检测, 选择性集成学习, 边缘距离最小化

Abstract：To solve the problem of the low detection accuracy of new intrusions with long detection time due to the complex and changeable nature of network intrusions,this paper proposes a network intrusion detection method based on the selective learning of Kernel Extreme Learning Machines (KELMs).First,based on the high efficiency learning characteristics of the single KELM learner,multiple KELMs are trained independently by the Bagging strategy.Then,based on the margin distance minimization (MDM) guidelines,KELM learners are integrated by selecting a part of them with high gains based on the MDM-based gain measures.Extensive validation and comparative experiments on the the KDD99 data set and on a hybrid network simulation platform mixed with wireless networks and Ethernet networks demonstrate that the proposed method achieves better recognition accuracies with faster recognition speed than the network intrusion detection methods based on the single learner and the traditional ensemble learning,which can effectively detect the known and unknown network intrusion connection in real time.

Key words： network intrusion detection extreme learning machine (ELM) anomaly detection selective ensemble learning margin distance minimization

收稿日期: 2018-08-13 出版日期: 2018-11-22

ZTFLH:

TP391

基金资助:国家自然科学基金（No.61501183，No.61771492，No.61472134）；国家自然科学基金-广东联合基金重点项目（No.U1701261）；湖南省自然科学基金（No.2018JJ3349）；湖南省研究生科研创新项目（No.CX2018B312）

通讯作者: 马天雨 E-mail: ljp@hunnu.edu.cn

作者简介: 刘金平 男,1983年生于湖南洞口.博士,湖南师范大学信息科学与工程学院副教授.研究方向为智能信息处理.E-mail:ljp202518@163.com;何捷舟 男,1994年生于湖南常德.目前在湖南师范大学信息科学与工程学院攻读硕士学位.研究方向为计算机视觉和模式识别.E-mail:hdc@smail.hunnu.edu.cn

引用本文:

刘金平, 何捷舟, 马天雨, 张五霞, 唐朝晖, 徐鹏飞. 基于KELM选择性集成的复杂网络环境入侵检测[J]. 电子学报, 2019, 47(5): 1070-1078. LIU Jin-ping, HE Jie-zhou, MA Tian-yu, ZHANG Wu-xia, TANG Zhao-hui, XU Peng-fei. Selective Ensemble of KELM-Based Complex Network Intrusion Detection. Acta Electronica Sinica, 2019, 47(5): 1070-1078.

链接本文:

http://www.ejournal.org.cn/CN/10.3969/j.issn.0372-2112.2019.05.014 或 http://www.ejournal.org.cn/CN/Y2019/V47/I5/1070

[1] 高妮,高岭,等.基于自编码网络特征降维的轻量级入侵检测模型[J].电子学报,2017,45(3):730-739. GAO Ni,GAO Ling,et al.A lightweight intrusion detection model based on autoencoder network with feature reduction[J].Acta Electronica Sinica,2017,45(3):730-739.(in Chinese)
[2] HAMAMOTO A H,SAMPAIO L D H,ABR O T,et al.Network anomaly detection system using genetic algorithm and fuzzy logic[J].Expert Systems with Applications,2018,92(1):309-402.
[3] 李立勋,张斌,董书琴,等.基于脆弱性变换的网络动态防御有效性分析方法[J].电子学报,2018,46(12):3014-3020. LI Li-xun,ZHANGBin,DONG Shu-qin,et al.Effectiveness analysis approach based on vulnerability mutation for network dynamic defense[J].Acta Electronica Sincia,2018,46(12):3014-3020.(in Chinese)
[4] SULTANA N,CHILAMKURTI N,PENG W,et al.Survey on SDN based network intrusion detection system using machine learning approaches[J].Peer-to-Peer Networking and Applications,2018,11(1-2):1-9.
[5] CHITRAKAR R,HUANG C.Selection of candidate support vectors in incremental SVM for network intrusion detection[J].Computers & Security,2014,45(3):231-241.
[6] WANG C R,XU R F,LEE S J,et al.Network intrusion detection using equality constrained-optimization-based extreme learning machines[J].Knowledge-Based Systems,2018,147(1):68-80.
[7] SONG Y,YAO S,et al.A new k-ary crisp decision tree induction with continuous valued attributes[J].Chinese Journal of Electronics,2017,26(5):999-1007.
[8] SHEN Y,ZHENG K,WU C,et al.An ensemble method based on selection using bat algorithm for intrusion detection[J].Computer Journal,2018,61(4):526-538.
[9] MA T,WANG F,CHENG J,et al.A hybrid spectral clustering and deep neural network ensemble algorithm for intrusion detection in sensor networks[J].Sensors,2016,16(10):1701.
[10] LIU J,HE J,ZHANG W,et al.TCvBsISM:Texture classification via B-splines-based image statistical modeling[J].IEEE Access,2018,6(1):44876-44893.
[11] LI S,SONG S,HUANG G,et al.Cross-domain extreme learning machines for domain adaptation[J].IEEE Transactions on Systems Man & Cybernetics Systems,2018,PP(99):1-14.
[12] HUANG G B.What are extreme learning machines? filling the gap between Frank Rosenblatt's dream and John Von Neumann's puzzle[J].Cognitive Computation,2015,7(3):263-278.
[13] HUANG G,HUANG G B,SONG S,et al.Trends in extreme learning machines:a review[J].Neural Networks,2015,61(C):32-48.
[14] HUANG J,YU Z L,CAI Z,et al.Extreme learning machine with multi-scale local receptive fields for texture classification[J].Multidimensional Systems and Signal Processing,2017,28(3):995-1011.
[15] LIANG N Y,HUANG G B,SARATCHANDRAN P,et al.A fast and accurate online sequential learning algorithm for feedforward networks[J].IEEE Trans Neural Netw,2006,17(6):1411-1423.
[16] 杨乐,杨磊.基于核函数的在线序列ELM模型[J].纺织高校基础科学学报,2013,26(4):516-520. YANG Le,et al.Online sequence ELM model based on the kernel function[J].Basic Science Journal of Textile Universities,2013,26(4):516-520.(in Chinese)
[17] MA G,WANG Y,WU L.Subspace ensemble learning via totally-corrective boosting for gait recognition[J].Neurocomputing,2016,224(1):119-127.
[18] ERDAL H,KARAHANOÉLUB Í.Bagging ensemble models for bank profitability:an emprical research on Turkish development and investment banks[J].Applied Soft Computing,2016,49(1):861-867.
[19] DRUCKER H,CORTES C,JACKEL L D,et al.Boosting and other ensemble methods[J].Neural Computation,1994,6(6):1289-1301.
[20] ZHOU Z,CHEN J,SONG Y,et al.RFSEN-ELM:Selective ensemble of extreme learning machines using rotation forest for image classification[J].Neural Network World,2017,27(5):499-517.
[21] ZHOU Z H,WU J,TANG W.Ensembling neural networks:many could be better than all[J].Artificial Intelligence,2002,137(1-2):239:263.
[22] MARTINEZMUOZ G,HERNANDEZLOBATO D,SUAREZ A.An Analysis of ensemble pruning techniques based on ordered aggregation[J].IEEE Transactions on Pattern Analysis & Machine Intelligence,2009,31(2):245-259.
[23] MART NEZ-MU OZ G,SU REZ A.Aggregation ordering in bagging[OL].http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.146.3650.2004.
[24] DAVIS J J,CLARK A J.Data preprocessing for anomaly based network intrusion detection:A review[J].Computers & Security,2011,30(6):353-375.
[25] HASAN M A M,NASSER M,PAL B,et al.Support vector machine and random forest modeling for intrusion detection system (IDS)[J].Journal of Intelligent Learning Systems & Applications,2014,6(1):45-52.
[26] KOC L,MAZZUCHI T A,SARKANI S.A network intrusion detection system based on a Hidden Naïve Bayes multiclass classifier[J].Expert Systems with Applications,2012,39(18):13492-13500.
[27] HU J,MIN J.Automated detection of driver fatigue based on EEG signals using gradient boosting decision tree model[J].Cognitive Neurodynamics,2018,12(12):1-10.
[28] Duan Q,Al-Shaer E.Traffic-aware dynamic firewall policy management:techniques and applications[J].IEEE Communications Magazine,2013,51(7):73-79.