ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2015, Vol. 52 ›› Issue (10): 2239-2246.doi: 10.7544/issn1000-1239.2015.20150587

所属专题: 2015网络安全与隐私保护研究进展

• 信息安全 • 上一篇    下一篇



  1. 1(中国科学院虚拟经济与数据科学研究中心(中国科学院大学) 北京 100190); 2(中国科学院大数据挖掘与知识管理重点实验室(中国科学院大学) 北京 100190); 3(中国科学院信息安全国家重点实验室(中国科学院信息工程研究所) 北京 100093) (
  • 出版日期: 2015-10-01
  • 基金资助: 

Multi-Criteria Mathematical Programming Based Method on Network Intrusion Detection

Wang Bo1,2, Nie Xiaowei3   

  1. 1(Research Center on Fictitious Economy and Data Science (University of Chinese Academy of Sciences) Beijing 100190);2(Key Research Laboratory on Big Data Mining and Knowledge Management, Chinese Academy of Sciences (University of Chinese Academy of Sciences) Beijing 100190);3(State Key Laboratory of Information Security, Chinese Academy of Sciences (Institute of Information Engineering, Chinese Academy of Sciences) Beijing 100093)
  • Online: 2015-10-01

摘要: 多分类模型常用于解决诸如信用卡客户分析和疾病诊断预测等具有多类情况的现实问题.网络安全中的攻击形式有很多种,这为多分类问题的研究成果提供了很好的应用背景.事实上,如果把建立防火墙来拦截网络攻击看作被动的防御,人们更希望通过借助对网络攻击者行为的分析去进行主动的防御.借助数据挖掘中解决分类问题的基本思想,提出了用多目标数学规划(multi-criteria mathematical programming, MCMP)模型分析多类网络攻击行为的方法.与直接寻找凸规划问题最优解方法不同,该方法通过对相关矩阵的直接运算寻找最优解,大大降低了问题求解的难度.进一步,运用e-支持向量的概念,可以实现对大规模应用问题的计算.同时,使用了核技巧来解决非线性可分的问题.基于一个新近已知的NSL-KDD网络入侵数据集,通过数值实验证实了所提模型可以有效解决网络入侵中的多分类问题,同时达到较高的分类精度和较低的错误报警率.

关键词: 网络入侵检测, 多分类问题, 多目标数学规划, e-支持向量, 错误报警率

Abstract: Multi-class classification models are often applied in real applications with multiple classes involved, such as credit card client analysis and disease diagnosis prediction. In fact, a network can be attacked by multiple hackers, which is also a typical multiple classes problem. Instead of building a firewall to prevent the network system, which is called a passive protection, one should find out the different attacking behaviors of the hackers for a positive defense. This paper promotes multi-criteria mathematical programming (MCMP) model for dealing with various kinds of attacks in network security. Without directly solving a convex mathematical programming problem, the proposed method only performs matrix computation for its optimal solution, which is easy to be realized. In addition, the concept of e-support vector is employed to facilitate the computation of large-scale applications. For nonlinear case, kernel technique is also applied. Using a newly well-known network intrusion dataset, called NSL-KDD, the paper demonstrates that the proposed method can achieve both high classification accuracies and low false alarm rates for multi-class network intrusion classification.

Key words: network intrusion detection, multi-class classification problem, multi-criteria mathematical programming(MCMP), e-support vector, false alarm rate