高级检索

    一种基于强化规则学习的高效入侵检测方法

    An Efficient Approach to Intrusion Detection Based on Boosting Rule Learning

    • 摘要: 在入侵检测研究领域中,提高检测模型的检测率并降低误报率是一个重要的研究课题.在对归纳学习理论深入研究的基础上,将规则学习算法应用到入侵检测建模中.针对审计训练数据不足时出现的检测精度下降的情况,提出了一种基于强化规则学习的高效入侵检测方法EAIDBRL (efficient approach to intrusion detection based on boosting rule learning).在EAIDBRL方法中,首先调整传统Boosting算法的权重更新过程在各个预测目标类内部进行,以消除退化现象;然后修改传统规则学习算法中规则生长和规则剪枝过程的评价准则函数;最后使用改进后的Boosting算法来增强弱规则学习器对网络审计数据的分类性能.标准入侵检测数据集上的测试结果表明,EAIDBRL方法能够较大地提高传统规则学习检测模型在小样本条件下的入侵检测性能.

       

      Abstract: It is an important research topic to improve detection rate and reduce false positive rate of the detection model in the field of intrusion detection. Based on the in-deep research on inductive learning theory, a rule learning algorithm is applied in building the intrusion detection model. For the case of detection precision's decline when lacking audit training data, an efficient approach to intrusion detection is proposed based on boosting rule learning (EAIDBRL). In EAIDBRL, firstly, weights of sample data in the traditional Boosting algorithm are adjusted separately within each class without changing overall class weights to eliminate deterioration in generation performance on some intrusion detection datasets; secondly, the evaluating criteria for rule growing and rule pruning of the traditional rule-learning algorithm are modified; and lastly this improved boosting algorithm is adopted to enhance generalization performance of weak rule learner on the network audit dataset. The results of experiments on the standard intrusion detection dataset indicate that EAIDBRL indeed can improve detection performance of the intrusion detection model built with the traditional rule learning algorithm.

       

    /

    返回文章
    返回