Abstract:
Improving the detection rate and reducing the false positive rate of the detection model is an important research topic in intrusion detection. Based on in-depth research on inductive learning theory, a rule learning algorithm is applied to build the intrusion detection model. To address the decline in detection precision when audit training data is lacking, an efficient approach to intrusion detection based on boosting rule learning (EAIDBRL) is proposed. In EAIDBRL, first, the sample weights of the traditional Boosting algorithm are adjusted separately within each class, without changing the overall class weights, to eliminate the deterioration in generalization performance on some intrusion detection datasets; second, the evaluation criteria for rule growing and rule pruning in the traditional rule learning algorithm are modified; and last, this improved boosting algorithm is adopted to enhance the generalization performance of the weak rule learner on the network audit dataset. Experimental results on the standard intrusion detection dataset indicate that EAIDBRL can indeed improve the detection performance of an intrusion detection model built with the traditional rule learning algorithm.
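The first modification can be illustrated with a small added example (not code from the paper) that compares the standard AdaBoost weight update with one renormalized inside each class, so each class keeps its total weight. The abstract does not give the exact update rule, so the exponential step, the function names and the eight-record sample are assumptions.

```python
import math

def adaboost_update(weights, misclassified, alpha):
    """Standard AdaBoost step: scale by exp(+/-alpha), normalize over all samples."""
    raw = [w * math.exp(alpha if m else -alpha)
           for w, m in zip(weights, misclassified)]
    total = sum(raw)
    return [r / total for r in raw]

def per_class_update(weights, labels, misclassified, alpha):
    """Assumed reading of the abstract: the same exponential step, but rescaled
    inside each class so every class keeps the total weight it had before."""
    raw = [w * math.exp(alpha if m else -alpha)
           for w, m in zip(weights, misclassified)]
    before, after = {}, {}
    for w, r, y in zip(weights, raw, labels):
        before[y] = before.get(y, 0.0) + w
        after[y] = after.get(y, 0.0) + r
    return [r * before[y] / after[y] for r, y in zip(raw, labels)]

def class_mass(weights, labels):
    """Total weight carried by each class."""
    mass = {}
    for w, y in zip(weights, labels):
        mass[y] = mass.get(y, 0.0) + w
    return mass

# Constructed sample: 8 audit records (6 normal, 2 attack), uniform start.
LABELS = ["normal"] * 6 + ["attack"] * 2
WEIGHTS = [1 / 8] * 8
# Constructed weak-rule outcome: one normal and one attack record misclassified.
MISSED = [True, False, False, False, False, False, True, False]
ALPHA = 0.5 * math.log((1 - 0.25) / 0.25)  # AdaBoost alpha for weighted error 0.25

if __name__ == "__main__":
    std = adaboost_update(WEIGHTS, MISSED, ALPHA)
    pcl = per_class_update(WEIGHTS, LABELS, MISSED, ALPHA)
    print("before   :", class_mass(WEIGHTS, LABELS))
    print("standard :", class_mass(std, LABELS))   # mass drifts toward 'attack'
    print("per-class:", class_mass(pcl, LABELS))   # class totals unchanged
```

In this sample the standard update moves the attack class from 0.25 to one third of the total weight after a single round, while the per-class update leaves it at 0.25 and still triples the weight of each misclassified record relative to correctly classified records of the same class.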