基于增量学习的SVM-KNN网络入侵检测方法

为满足入侵检测的实时性和准确性要求,通过结合支持向量机(SVM)和K最近邻(KNN)算法设计IL-SVM-KNN分类器,并采用平衡k维树作为数据结构提升执行速度.训练阶段应用增量学习思想并考虑知识库的扩展,分类阶段则利用SVM和KNN算法将待分类数据分成3种情况应用不同的分类策略.基于KDD CUP99和NSL-KDD数据集进行实验,结果表明,IL-SVM-KNN能够区分正常流量和异常流量并准确判断异常流量的攻击类型,其准确率较KNN算法和SVM算法有明显提升,判断攻击类型的准确性高于决策树、随机森林和XGBoost算法,并且较两层卷积神经网络消耗时间更少,资源消耗更低.

SVM-KNN Network Intrusion Detection Method Based on Incremental Learning

In order to meet the requirements of intrusion detectionfor real-time performance and accuracy,this paper designs an IL-SVM-KNN classifier that combines Support Vector Machine(SVM)and K-Nearest Neighbor(KNN)algorithm,and the balanced k-dimensional tree is used for data structure to improve the execution speed.In the training phase,the idea of incremental learning is applied and the expansion of the knowledge base is considered.In the classification phase,the SVM algorithm and KNN algorithm are used to divide the to-be-classified data into three cases,each case with a unique classification strategy.Experimental results on KDD CUP99 and NSL-KDD datasets show that the IL-SVM-KNN classifier can distinguish abnormal traffic from normal traffic,and determine the type of abnormal traffic attacks.The accuracy of the proposed classifier is significantly improved compared with the KNN algorithm and SVM algorithm.It also outperforms the decision tree,random forests and XGBoost algorithm in terms of the accuracy of determining the attack type while reducing the elapsed time and resource consumption compared with two-layer convolution neural network.