    Network Intrusion Detection Method Based on Multi-Criteria Mathematical Programming

    Multi-Criteria Mathematical Programming Based Method on Network Intrusion Detection

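    • Abstract: Multi-class classification models are commonly used to solve real-world problems involving multiple classes, such as credit card customer analysis and disease diagnosis prediction. Network attacks take many forms, which provides a good application setting for research results on multi-class classification. In fact, if building a firewall to intercept network attacks is regarded as passive defense, people would rather carry out active defense by analyzing the behavior of network attackers. Drawing on the basic ideas for solving classification problems in data mining, this paper proposes a method that uses a multi-criteria mathematical programming (MCMP) model to analyze multiple classes of network attack behavior. Unlike methods that directly search for the optimal solution of a convex programming problem, this method finds the optimal solution through direct operations on the relevant matrices, which greatly reduces the difficulty of solving the problem. Furthermore, by using the concept of e-support vectors, large-scale application problems can be computed. In addition, the kernel trick is used to handle problems that are not linearly separable. Based on the recently well-known NSL-KDD network intrusion dataset, numerical experiments confirm that the proposed model can effectively solve the multi-class classification problem in network intrusion while achieving high classification accuracy and a low false alarm rate.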

       

      Abstract: Multi-class classification models are often applied to real-world problems that involve multiple classes, such as credit card client analysis and disease diagnosis prediction. A network can be attacked by multiple hackers, which is also a typical multi-class problem. Instead of only building a firewall to protect the network system, which is a passive form of protection, one should identify the different attacking behaviors of the hackers in order to mount an active defense. This paper proposes a multi-criteria mathematical programming (MCMP) model for dealing with various kinds of attacks in network security. Rather than directly solving a convex mathematical programming problem, the proposed method performs only matrix computation to obtain its optimal solution, which is easy to implement. In addition, the concept of the e-support vector is employed to facilitate computation for large-scale applications. For the nonlinear case, the kernel technique is also applied. Using a recent, well-known network intrusion dataset called NSL-KDD, the paper demonstrates that the proposed method can achieve both high classification accuracy and low false alarm rates for multi-class network intrusion classification.

       
