Acta Electronica Sinica ›› 2019, Vol. 47 ›› Issue (5): 1070-1078. DOI: 10.3969/j.issn.0372-2112.2019.05.014


Selective Ensemble of KELM-Based Complex Network Intrusion Detection

LIU Jin-ping1,2, HE Jie-zhou1, MA Tian-yu3, ZHANG Wu-xia1, TANG Zhao-hui4, XU Peng-fei1

    1. Hunan Provincial Key Laboratory of Intelligent Computing and Language Information Processing, Hunan Normal University, Changsha, Hunan 410081, China;
    2. Key Laboratory of Computing and Stochastic Mathematics (Ministry of Education), Hunan Normal University, Changsha, Hunan 410081, China;
    3. School of Physics and Electronics, Hunan Normal University, Changsha, Hunan 410081, China;
    4. School of Information Science and Engineering, Central South University, Changsha, Hunan 410083, China
  • Received: 2018-08-13 Revised: 2018-10-16 Online: 2019-05-25 Published: 2019-05-25
  • Corresponding author: MA Tian-yu
  • About the authors: LIU Jin-ping, male, born in 1983 in Dongkou, Hunan. Ph.D., associate professor at the School of Information Science and Engineering, Hunan Normal University. His research interest is intelligent information processing. E-mail: ljp202518@163.com; HE Jie-zhou, male, born in 1994 in Changde, Hunan. He is currently pursuing a master's degree at the School of Information Science and Engineering, Hunan Normal University. His research interests are computer vision and pattern recognition. E-mail: hdc@smail.hunnu.edu.cn
  • Funding:
    National Natural Science Foundation of China (No.61501183, No.61771492, No.61472134); Key Project of the National Natural Science Foundation of China-Guangdong Joint Fund (No.U1701261); Natural Science Foundation of Hunan Province (No.2018JJ3349); Hunan Provincial Postgraduate Research and Innovation Project (No.CX2018B312)

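Summary: Intrusion events in complex network environments have complex and changeable features, new types of intrusion are detected at a low rate, and detection takes so long that real-time detection is hard to achieve. To address these problems, this paper proposes a network intrusion detection method based on a selective ensemble of Kernel Extreme Learning Machines (KELM), called SEoKELM-NID. The method uses the Bagging strategy to train multiple KELM sub-learners independently and quickly. It then measures the ensemble gain of each KELM sub-learner under the Margin Distance Minimization (MDM) criterion and builds a selective ensemble from the sub-learners with high gain, yielding a selective ensemble learner with strong generalization ability and high efficiency. In addition, an online update strategy for the KELM sub-classifiers, based on incremental learning over batches of samples, is introduced so that the intrusion detection model can be updated online and SEoKELM-NID can adapt effectively to changes in a complex network environment. Simulation experiments on the KDD99 data set and on a complex-network simulation platform that mixes Ethernet and wireless networks show that, compared with network intrusion detection methods based on a single learner or on traditional ensemble learning, SEoKELM-NID achieves better recognition accuracy and faster recognition speed; in particular, for unknown network intrusion connection events it responds quickly and has a low missed-detection rate.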


Abstract: To solve the problem of low detection accuracy for new intrusions and long detection time, caused by the complex and changeable nature of network intrusions, this paper proposes a network intrusion detection method based on the selective ensemble of Kernel Extreme Learning Machines (KELMs). First, exploiting the highly efficient learning of a single KELM learner, multiple KELMs are trained independently using the Bagging strategy. Then, based on the margin distance minimization (MDM) criterion, the KELM learners are integrated by selecting the subset with high gains according to MDM-based gain measures. Extensive validation and comparative experiments on the KDD99 data set and on a hybrid network simulation platform mixing wireless and Ethernet networks demonstrate that the proposed method achieves better recognition accuracy and faster recognition speed than network intrusion detection methods based on a single learner or on traditional ensemble learning, and that it can effectively detect known and unknown network intrusion connections in real time.

Key words: network intrusion detection, extreme learning machine (ELM), anomaly detection, selective ensemble learning, margin distance minimization
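The pipeline outlined in the abstract (Bagging-trained KELM sub-learners, MDM-based selection, voting) can be sketched as follows. This is an added example, not the authors' code. It assumes an RBF kernel, the usual closed-form KELM solution, the standard greedy MDM formulation with objective value p = 0.075, and constructed two-class data in place of KDD99. The online update step is omitted.

```python
import numpy as np

def rbf(A, B, gamma=0.1):
    # RBF kernel matrix between rows of A and rows of B (kernel choice is an assumption)
    d2 = (A**2).sum(1)[:, None] + (B**2).sum(1)[None, :] - 2 * A @ B.T
    return np.exp(-gamma * d2)

class KELM:
    def fit(self, X, y, C=10.0):
        # Closed-form output weights: beta = (I/C + K)^-1 T, with +/-1 one-vs-rest targets
        self.X = X
        T = np.where(y[:, None] == np.array([0, 1]), 1.0, -1.0)
        self.beta = np.linalg.solve(np.eye(len(X)) / C + rbf(X, X), T)
        return self
    def predict(self, X):
        return (rbf(X, self.X) @ self.beta).argmax(1)

def bagging(X, y, n_learners, rng):
    # Each sub-learner is trained independently on its own bootstrap resample
    idx = [rng.integers(0, len(X), len(X)) for _ in range(n_learners)]
    return [KELM().fit(X[i], y[i]) for i in idx]

def mdm_select(learners, Xv, yv, keep, p=0.075):
    # Signature: +1 where a learner is right on a validation sample, -1 where wrong
    sig = np.array([np.where(m.predict(Xv) == yv, 1.0, -1.0) for m in learners])
    chosen, total = [], np.zeros(len(yv))
    for _ in range(keep):
        # Add the learner whose inclusion brings the mean signature closest to (p, ..., p)
        rest = [t for t in range(len(learners)) if t not in chosen]
        dist = [np.linalg.norm((total + sig[t]) / (len(chosen) + 1) - p) for t in rest]
        best = rest[int(np.argmin(dist))]
        chosen.append(best)
        total += sig[best]
    return chosen

def vote(learners, X):
    # Majority vote of the selected sub-learners (1 = intrusion)
    return (np.mean([m.predict(X) for m in learners], axis=0) >= 0.5).astype(int)

def demo(seed=0):
    rng = np.random.default_rng(seed)
    def sample(n):  # constructed two-class data (0 = normal, 1 = intrusion), not KDD99
        y = rng.integers(0, 2, n)
        return rng.normal(0, 1, (n, 4)) + 3.0 * y[:, None], y
    (Xtr, ytr), (Xv, yv), (Xte, yte) = sample(200), sample(100), sample(200)
    pool = bagging(Xtr, ytr, 15, rng)
    chosen = mdm_select(pool, Xv, yv, keep=5)
    acc = float((vote([pool[t] for t in chosen], Xte) == yte).mean())
    return chosen, acc
```

`demo()` returns the indices of the five selected sub-learners and the pruned ensemble's accuracy on the held-out constructed samples.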

CLC Number: