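Research on Intrusion Detection Based on Random Forest and Gradient Boosting Tree

About the authors:

Zhou Jieying (周杰英) (1966-), female, Ph.D., associate professor, CCF professional member. Main research areas: cyberspace security, computer networks, routing protocols for the Internet of Vehicles, edge computing, blockchain.
He Pengfei (贺鹏飞) (1996-), male, master's degree. Main research areas: cyberspace security, computer networks, Internet of Things, Internet of Vehicles.
Qiu Rongfa (邱荣发) (1993-), male, master's degree. Main research areas: network security situational awareness, machine learning, deep learning.
Chen Guo (陈国) (1997-), male, master's degree, CCF student member. Main research areas: cyberspace security, blockchain.
Wu Weigang (吴维刚) (1976-), male, Ph.D., professor, doctoral supervisor, CCF professional member. Main research areas: networking and distributed computing, cloud computing, distributed machine learning, blockchain.

Corresponding author:

Wu Weigang, Email: wuweig@mail.sysu.edu.cn

Chinese Library Classification (CLC) number:

TP309

Fund Project:

National Key Research and Development Project of China (2018YFB0203803); National Natural Science Foundation of China (U1711263, U1801266); Natural Science Foundation of Guangdong Province of China (2018A030313492, 2018B030312002)
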
Abstract:

As a security defense technology that protects networks from attack, the network intrusion detection system plays a crucial role in safeguarding computer systems and network security. Machine learning has been widely applied to intrusion detection, including the multi-class classification problem on imbalanced data, and is more intelligent and more accurate than traditional methods. This paper improves on existing multi-class classification methods for network intrusion detection and proposes RF-GBDT, an intrusion detection model that uses a random forest model for feature transformation and a gradient boosting decision tree model for classification. The model consists of three parts: feature selection, feature transformation, and the classifier. RF-GBDT was tested experimentally on the UNSW-NB15 dataset. Compared with three other algorithms in the same field, RF-GBDT shortens training time while achieving a higher detection rate and a lower false alarm rate; the area under the receiver operating characteristic (ROC) curve on the test dataset can reach 98.57%. RF-GBDT has a significant advantage in solving the multi-class classification problem on imbalanced network intrusion detection data and is a practical and feasible intrusion detection method.

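Cite this article:

Zhou Jieying, He Pengfei, Qiu Rongfa, Chen Guo, Wu Weigang. Research on Intrusion Detection Based on Random Forest and Gradient Boosting Tree. Journal of Software (软件学报), 2021, 32(10): 3254-3265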

History
  • Received: 2019-09-12
  • Last revised: 2020-02-01
  • Published online: 2021-10-09
  • Publication date: 2021-10-06