一种高效的面向轻量级入侵检测系统的特征选择算法

特征选择是网络安全、模式识别、数据挖掘等领域的重要问题之一.针对高维数据对象,特征选择一方面可以提高分类精度和效率,另一方面可以找出富含信息的特征子集.文中提出一种wrapper型的特征选择算法来构建轻量级入侵检测系统.该算法采用遗传算法和禁忌搜索相混合的搜索策略对特征子集空间进行随机搜索,然后利用提供的数据在无约束优化线性支持向量机上的平均分类正确率作为特征子集的评价标准来获取最优特征子集.文中按照DOS,PROBE,R2L,U2R 4个类别对KDD1999数据集进行分类,并且在每一类上进行了大量的实验.实验结果表明,对每一类攻击文中提出的特征选择算法不仅可以加快特征选择的速度,而且基于该算法构建的入侵检测系统在建模时间、检测时间、检测已知攻击、检测未知攻击上,与没有运用特征选择的入侵检测系统相比具有更好的性能.     

基于GATS—C4．5的IP流分类

流分类技术在网络安全监控、QoS、入侵检测等应用领域起着重要的作用,是当前研究的热点.提出一种新的特征选择算法GATS-C4.5来构建轻量级的IP流分类器.该算法采用遗传算法与禁忌搜索相混合的搜索策略对特征子集空间进行随机搜索,然后利用提供的数据在CA.5上的分类正确率作为特征子集的评价标准来获取最优特征子集.在IP流数据集上进行了大量的实验,实验结果表明基于GATS-C4.5的流分类器在不影响检测准确度的情况下能够提高检测速度,并且基于GATS-CA.5的IP流分类器与NBK-FCBF(Naive Bayes method with Kereel density estimation after Correlation-Based Filter)相比具有更小的计算复杂性与更高的检测率.     

基于特征选择的网络入侵检测模型研究

为了有效从收集的恶意数据中选择特征去分析,保障网络系统的安全与稳定,需要进行网络入侵检测模型研究;但目前方法是采用遗传算法找出网络入侵的特征子集,再利用粒子群算法进行进一步选择,找出最优的特征子集,最后利用极限学习机对网络入侵进行分类,但该方法准确性较低;为此,提出一种基于特征选择的网络入侵检测模型研究方法;该方法首先以增强寻优性能为目标对网络入侵检测进行特征选择,结合分析出的特征选择利用特征属性的Fisher比构造出特征子集的评价函数,然后结合计算出的特征子集评价函数进行支持向量机完成对基于特征选择的网络入侵检测模型研究方法;仿真实验表明,利用支持向量机对网络入侵进行检测能有效地提高入侵检测的速度以及入侵检测的准确性。     

Decision tree based light weight intrusion detection using a wrapper approach

The objective of this paper is to construct a lightweight Intrusion Detection System (IDS) aimed at detecting anomalies in networks. The crucial part of building lightweight IDS depends on preprocessing of network data, identifying important features and in the design of efficient learning algorithm that classify normal and anomalous patterns. Therefore in this work, the design of IDS is investigated from these three perspectives. The goals of this paper are (i) removing redundant instances that causes the learning algorithm to be unbiased (ii) identifying suitable subset of features by employing a wrapper based feature selection algorithm (iii) realizing proposed IDS with neurotree to achieve better detection accuracy. The lightweight IDS has been developed by using a wrapper based feature selection algorithm that maximizes the specificity and sensitivity of the IDS as well as by employing a neural ensemble decision tree iterative procedure to evolve optimal features. An extensive experimental evaluation of the proposed approach with a family of six decision tree classifiers namely Decision Stump, C4.5, Naive Baye’s Tree, Random Forest, Random Tree and Representative Tree model to perform the detection of anomalous network pattern has been introduced.     

Genetic-fuzzy rule mining approach and evaluation of feature selection techniques for anomaly intrusion detection

Classification of intrusion attacks and normal network traffic is a challenging and critical problem in pattern recognition and network security. In this paper, we present a novel intrusion detection approach to extract both accurate and interpretable fuzzy IF-THEN rules from network traffic data for classification. The proposed fuzzy rule-based system is evolved from an agent-based evolutionary framework and multi-objective optimization. In addition, the proposed system can also act as a genetic feature selection wrapper to search for an optimal feature subset for dimensionality reduction. To evaluate the classification and feature selection performance of our approach, it is compared with some well-known classifiers as well as feature selection filters and wrappers. The extensive experimental results on the KDD-Cup99 intrusion detection benchmark data set demonstrate that the proposed approach produces interpretable fuzzy systems, and outperforms other classifiers and wrappers by providing the highest detection accuracy for intrusion attacks and low false alarm rate for normal network traffic with minimized number of features.     

基于量子进化算法的网络入侵检测特征选择

针对当前网络入侵检测中普遍存在检测速度较慢的缺陷,提出了一种新的网络入侵检测特征选择方法。该方法将量子进化算法应用于网络入侵检测的特征选择,从网络连接的原始特征属性中选出一组有效的特征用于入侵检测,以提高检测效率。首先以增强寻优性能为目标改进了量子进化算法,基于特征属性的Fisher比构造了特征子集的评价函数,然后按照量子进化算法的流程设计了网络入侵检测特征选择算法。通过KDD99样本数据集的实验,表明算法是有效的,既保证了入侵检测的分类性能,也提高了入侵检测的效率。     

基于连接数据分析和OSELM分类器的网络入侵检测系统

针对网络入侵的实时高效检测问题,提出一种基于网络连接数据分析和在线贯序极限学习机(OSELM)分类器的网络入侵检测系统(IDS)。首先,对入侵数据库中的网络连接数据进行分析,通过特征选择算法选择出最优特征子集。然后,迭代执行交叉验证,并通过Alpha剖析来缩减样本尺寸,以此减低后续分类器的计算复杂度。最后,利用优化后的样本特征集来训练OSELM分类器,以此构建一个网络实时入侵检测系统。在NSL-KDD数据库上的实验结果表明,提出的IDS具有较高的检测率和较低的误报率,同时检测时间较短,符合实时入侵检测的要求。     

基于GAIG特征选择算法的轻量化DDoS攻击检测方法

为了提高基于分类的DDoS攻击检测方法的实时性,通过结合轻量级入侵检测提出了以遗传算法为搜索策略、信息增益为子集评估标准的filter型特征选择算法GAIG（Feature Selection based on Genetic Algorithm and Information Gain）,提取具有高区分度的相对最小特征子集。在此基础上对比了Na?ve Bayes、C4.5、SVM、RBF Network、Random Forest和Random Tree这六种常用分类器的性能,并选取Random Tree构建了一种轻量化的DDoS攻击检测系统。实验结果表明,GAIG算法使分类器在尽可能不降低分类精度的同时,提高分类速度,从而提高分类检测的实时性;该轻量化攻击检测系统比一般的分类模型具有更好的检测未知攻击的能力。     

Intelligent Intrusion Detection System for Industrial Internet of Things Environment

Rapid increase in the large quantity of industrial data, Industry 4.0/5.0 poses several challenging issues such as heterogeneous data generation, data sensing and collection, real-time data processing, and high request arrival rates. The classical intrusion detection system (IDS) is not a practical solution to the Industry 4.0 environment owing to the resource limitations and complexity. To resolve these issues, this paper designs a new Chaotic Cuckoo Search Optimization Algorithm (CCSOA) with optimal wavelet kernel extreme learning machine (OWKELM) named CCSOA-OWKELM technique for IDS on the Industry 4.0 platform. The CCSOA-OWKELM technique focuses on the design of feature selection with classification approach to achieve minimum computation complexity and maximum detection accuracy. The CCSOA-OWKELM technique involves the design of CCSOA based feature selection technique, which incorporates the concepts of chaotic maps with CSOA. Besides, the OWKELM technique is applied for the intrusion detection and classification process. In addition, the OWKELM technique is derived by the hyperparameter tuning of the WKELM technique by the use of sunflower optimization (SFO) algorithm. The utilization of CCSOA for feature subset selection and SFO algorithm based hyperparameter tuning leads to better performance. In order to guarantee the supreme performance of the CCSOA-OWKELM technique, a wide range of experiments take place on two benchmark datasets and the experimental outcomes demonstrate the promising performance of the CCSOA-OWKELM technique over the recent state of art techniques.     

粒子群优化支持向量机的入侵检测算法

为了提高网络入侵的检测正确率,针对网络入侵检测中特征选择问题,将二值粒子群优化算法(BPSO)用于网络入侵特征选择,结合支持向量机(SVM)提出了一种基于BPSO-SVM的网络入侵检测算法。该算法将网络入侵检测转化为多分类问题,采用wrapper特征选择模型,以SVM为分类器,通过样本训练分类器,根据分类结果,利用BPSO算法在特征空间中进行全局搜索,选择最优特征集进行分类。实验结果表明,BPSO-SVM有效降低了特征维数,显著提高了网络入侵的检测正确率,还大大缩短了检测时间。     

Trust Management and Admission Control for Host-Based Collaborative Intrusion Detection

The accuracy of detecting an intrusion within a network of intrusion detection systems (IDSes) depends on the efficiency of collaboration between member IDSes. The security itself within this network is an additional concern that needs to be addressed. In this paper, we present a trust-based framework for secure and effective collaboration within an intrusion detection network (IDN). In particular, we design a trust model that allows each IDS to evaluate the trustworthiness of other IDSes based on its personal experience. We also propose an admission control algorithm for the IDS to manage the acquaintances it approaches for advice about intrusions. We discuss the effectiveness of our approach in protecting the IDN against common attacks. Additionally, experimental results demonstrate that our system yields significant improvement in detecting intrusions. The trust model further improves the robustness of the collaborative system against malicious attacks. The experimental results also support that our admission control algorithm is effective and fair, and creates incentives for collaboration.     

入侵检测技术研究综述

近年来，入侵检测已成为网络安全领域的热点课题。异常检测和误用检测是入侵检测的主要分析方法，前者包括统计分析、模式预测、神经网络、遗传算法、序列匹配与学习、免疫系统、基于规范、数据挖掘、完整性检查和贝叶斯技术，后者包括专家系统、基于模型、状态转换分析、Petri网络、协议分析和决策树，其它还有报警关联分析、可视化和诱骗等分析技术。入侵检测系统的体系结构分为集中式结构和分布式结构，高性能检测技术、分布式构架、系统评估、标准化和安全技术融合是其今后重要的发展方向。     

基于粒子群优化的入侵特征选择算法

针对高维数入侵检测数据集中信息冗余导致入侵检测算法处理速度慢的问题,提出了一种基于粒子群优化的入侵特征选择算法,通过分析网络入侵数据特征之间的相关性,可使粒子群优化算法在所有特征空间中优化搜索,自主选择有效特征子集,降低数据维度。实验结果表明该算法能够有效去除冗余特征,减少特征选择时间,在保证检测准确率的前提下,有效地提高了系统的检测速度。     

Comparative study for feature selection algorithms in intrusion detection system

The Intrusion Detection System (IDS) deals with the huge amount of network data that includes redundant and irrelevant features causing slow training and testing procedure, higher resource usage and poor detection ratio. Feature selection is a vital preprocessing step in intrusion detection. Hence, feature selec-tion is an essential issue in intrusion detection and need to be addressed by selec-ting the appropriate feature selection algorithm. A major challenge to select the optimal feature selection methods can precisely calculate the relevance of fea-tures to the detection process and the redundancy among features. In this paper, we study the concepts and algorithms used for feature selection algorithms in the IDS. We conclude this paper by identifying the best feature selection algorithm to select the important and useful features from the network dataset.     

Practical real-time intrusion detection using machine learning approaches

The growing prevalence of network attacks is a well-known problem which can impact the availability, confidentiality, and integrity of critical information for both individuals and enterprises. In this paper, we propose a real-time intrusion detection approach using a supervised machine learning technique. Our approach is simple and efficient, and can be used with many machine learning techniques. We applied different well-known machine learning techniques to evaluate the performance of our IDS approach. Our experimental results show that the Decision Tree technique can outperform the other techniques. Therefore, we further developed a real-time intrusion detection system (RT-IDS) using the Decision Tree technique to classify on-line network data as normal or attack data. We also identified 12 essential features of network data which are relevant to detecting network attacks using the information gain as our feature selection criterions. Our RT-IDS can distinguish normal network activities from main attack types (Probe and Denial of Service (DoS)) with a detection rate higher than 98% within 2 s. We also developed a new post-processing procedure to reduce the false-alarm rate as well as increase the reliability and detection accuracy of the intrusion detection system.     

面向入侵检测的基于IMGA和MKSVM的特征选择算法

入侵检测系统处理的数据具有数据量大、特征维数高等特点,会降低检测算法的处理速度和检测效率。为了提高入侵检测系统的检测速度和准确率,将特征选择应用到入侵检测系统中。首先提出一种基于免疫记忆和遗传算法的高效特征子集生成策略,然后研究基于支持向量机的特征子集评估方法。并针对可能出现的数据集不平衡造成的特征子集评估能力下降,以黎曼几何为依据,利用保角变换对核函数进行修改,以提高支持向量机的分类泛化能力。实验仿真表明,提出的特征选择算法不仅可以提高特征选择的效果,而且在不平衡数据集上具有更好的特征选择能力。还表明,基于该方法构建的入侵检测系统与没有运用特征选择的入侵检测系统相比具有更好的性能。     

基于AFSA-SVM的网络入侵检测模型

特征选择是网络入侵检测研究中的核心问题,为了提高网络入侵检测率,提出一种人工鱼群算法（AFSA）和支持向量机（SVM）相融合的网络入侵检测模型（AFSA-SVM）。将网络特征子集编码成人工鱼的位置,以5折交叉验证SVM训练模型检测率作为特征子集优劣的评价标准,通过模拟鱼群的觅食、聚群及追尾行为找到最优特征子集,SVM根据最优特征子集进行网络入侵检测,并采用KDD CUP 99数据集进行仿真测试。仿真结果表明,相对于粒子群优化算法、遗传算法和原始特征法,AFSA-SVM提高了入侵检测效率和检测率,是一种有效的网络入侵检测模型。     

基于数据挖掘的入侵特征选择与构造的新方法

入侵检测问题实际上是一个分类问题, 特征选择的好坏直接决定了分类模型的性能。针对计算机安全问题是事后于计算机系统设计、没有标准的审计机制和专门的数据格式用于入侵检测分析用途的现状, 讨论了通过扩展数据挖掘基本算法来对分析数据源进行特征选择, 同时比较挖掘出来的正常模式和异常模式, 构造新的特征, 以加强入侵检测准确率和实时性。     

序列模式挖掘在入侵检测中的应用研究

入侵检测系统是计算机安全体系中的一个重要构成要素,随着网络数据流量的不断增大,与数据挖掘相结合的入侵检测系统成为了研究热点。本文针对计算机入侵检测中网络安全审计数据的特点,提出了一个改进的PrefixSpan算法,并通过检测一个网络审计记录的实验,进行了结果分析。     

Wrapper Based Linear Discriminant Analysis (LDA) for Intrusion Detection in IIoT

The internet has become a part of every human life. Also, various devices that are connected through the internet are increasing. Nowadays, the Industrial Internet of things (IIoT) is an evolutionary technology interconnecting various industries in digital platforms to facilitate their development. Moreover, IIoT is being used in various industrial fields such as logistics, manufacturing, metals and mining, gas and oil, transportation, aviation, and energy utilities. It is mandatory that various industrial fields require highly reliable security and preventive measures against cyber-attacks. Intrusion detection is defined as the detection in the network of security threats targeting privacy information and sensitive data. Intrusion Detection Systems (IDS) have taken an important role in providing security in the field of computer networks. Prevention of intrusion is completely based on the detection functions of the IDS. When an IIoT network expands, it generates a huge volume of data that needs an IDS to detect intrusions and prevent network attacks. Many research works have been done for preventing network attacks. Every day, the challenges and risks associated with intrusion prevention are increasing while their solutions are not properly defined. In this regard, this paper proposes a training process and a wrapper-based feature selection With Direct Linear Discriminant Analysis LDA (WDLDA). The implemented WDLDA results in a rate of detection accuracy (DRA) of 97% and a false positive rate (FPR) of 11% using the Network Security Laboratory-Knowledge Discovery in Databases (NSL-KDD) dataset.