
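Study on GEP Rule Extraction Algorithm for Network Intrusion Detection
Cite this article: TANG Wan, CAO Yang, YANG Xi-min, QIN Jun. Study on GEP Rule Extraction Algorithm for Network Intrusion Detection[J]. Computer Science, 2009, 36(11): 79-82.
Authors: TANG Wan  CAO Yang  YANG Xi-min  QIN Jun
Affiliations: 1. State Key Laboratory of Software Engineering, School of Electronic Information, Wuhan University, Wuhan 430070; College of Computer Science, South-Central University for Nationalities, Wuhan 430074
2. State Key Laboratory of Software Engineering, School of Electronic Information, Wuhan University, Wuhan 430070
3. College of Computer Science, South-Central University for Nationalities, Wuhan 430074; College of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074
4. College of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074
Funding: National Key Basic Research Program of China; National Natural Science Foundation of China; Natural Science Foundation of Hubei Province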
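Abstract: Machine-learning-based network intrusion detection suffers from a low detection rate for unknown attacks and from low detection efficiency caused by numerous, complex rules. To address these problems, a constraint-based gene expression programming (GEP) rule extraction algorithm (CGREA) is proposed. Intrusion detection rules are represented with the GEP model, and a constraint grammar is defined to constrain rule individuals so that the rules satisfy adequacy and closure. CGREA restricts the proportions in which the various kinds of symbols are randomly selected for the gene head of a GEP rule, and adopts an elitist strategy to guarantee convergence. The intrusion detection rules extracted by CGREA were evaluated on the KDDCUP'99 data set: the overall attack detection rate was 91.36%, and the detection rates for three unknown attacks exceeded 88%. The results show that CGREA can extract simple and effective rules with a small population and within a limited number of generations, and that the detection rate for unknown attacks and the detection performance are also improved.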

Keywords: Network intrusion detection  Gene expression programming  Rule extraction  Constraint grammar  Elitist strategy
Received: 2008/12/9 0:00:00
Revised: 3/9/2009 12:00:00 AM

Study on GEP Rule Extraction Algorithm for Network Intrusion Detection
TANG Wan, CAO Yang, YANG Xi-min, QIN Jun. Study on GEP Rule Extraction Algorithm for Network Intrusion Detection[J]. Computer Science, 2009, 36(11): 79-82.
Authors:TANG Wan  CAO Yang  YANG Xi-min  QIN Jun
Affiliation: (State Key Laboratory of Software Engineering, School of Electronic Information, Wuhan University, Wuhan 430070, China); (College of Computer Science, South-Central University for Nationalities, Wuhan 430074, China); (College of Computer Science & Technology, Huazhong University of Science & Technology, Wuhan 430074, China)
Abstract: Network intrusion detection based on machine learning suffers from a low detection ratio for unknown intrusions and low detection efficiency due to many complex rules. To solve these problems, a constraint-based gene expression programming (GEP) rule extraction algorithm (CGREA) was proposed. The intrusion detection rules were represented based on the GEP model, and a constraint grammar was defined to guarantee the rules' closure and adequacy. CGREA restricted the ratio of randomly selecting various symbols in the gene head of GEP rules, and used the elitist strategy to guarantee convergence. The KDDCUP'99 data set was used to evaluate the intrusion detection rules auto-extracted by CGREA. A 91% probability of detection was achieved, and three unknown attacks' probabilities of detection were more than 88%. These results indicate that the intrusion detection rules extracted by CGREA are effective, simple, and capable of detecting unknown intrusions. Moreover, the efficiency of rule generation and detection is improved.
Keywords: Network intrusion detection  GEP (gene expression programming)  Rule extraction  Constraint grammar  Elitist strategy
This article is indexed in Wanfang Data and other databases.