改进的人工蜂群结合优化的随机森林的U2R攻击检测研究

doi:10.3969/j.issn.1671-1122.2018.12.006

信息网络安全 ›› 2018, Vol. 18 ›› Issue (12): 38-45.doi: 10.3969/j.issn.1671-1122.2018.12.006

改进的人工蜂群结合优化的随机森林的U2R攻击检测研究

翟继强, 肖亚军, 杨海陆, 王健

哈尔滨理工大学计算机科学与技术学院,黑龙江哈尔滨 150080;

收稿日期:2018-06-04 出版日期:2018-12-20
通讯作者: 肖亚军 wdnysjqr@qq.com
作者简介:翟继强（1972—）,男,黑龙江,教授,博士,主要研究方向为网络与信息安全;肖亚军（1992—）,男,山东,硕士研究生,主要研究方向为计算机取证;杨海陆（1985—）,男,黑龙江,讲师,博士,主要研究方向为数据挖掘、网络安全;王健（1979—）,女,黑龙江,副教授,博士,主要研究方向为网络与信息安全。
基金资助:
国家自然科学基金[61403109]; 黑龙江省自然科学基金[F2016024]; 黑龙江省教育厅科技面上项目[12531121]

Reseach on U2R Attacks Detection Based on Improved Artificial Bee Colony Combined with Optimized Random Forest

ZHAI Jiqiang, XIAO Yajun, YANG Hailu, WANG Jian

School of Computer Science and Technology, Harbin University of Science and Technology, Harbin Heilongjiang 150080, China;

Received:2018-06-04 Online:2018-12-20

摘要/Abstract

摘要： 针对入侵检测系统（IDS）对User-to-Root（U2R）类型攻击检测率低的问题,文章提出了一种改进的人工蜂群（ABC）算法结合优化的随机森林（RF）算法的攻击检测模型。该模型首先对传统ABC算法的初始化方法和搜索策略进行改进,优化传统RF算法对特征重要性得分的排序方式,然后将两种改进的算法相结合,进行U2R攻击检测。使用NSL-KDD数据集进行实验,结果表明,该攻击检测模型能够准确地提取攻击类型的最优特征集,对攻击数据进行分类预测,有效提高了IDS对U2R类型攻击的检测率。

关键词: 入侵检测, U2R攻击, 改进的人工蜂群, 优化的随机森林

Abstract: Aiming at the problem of low detection rate of U2R attacks in IDS, this paper proposes a model that combined an improved artificial bee colony algorithm (ABC) with the optimized random forest (RF). Firstly, the model improved the initialization method and search strategy of the traditional ABC, optimized the method of ranking of feature importance scores in the traditional RF. Then the model combined the two improved algorithm. Experiments with NSL-KDD datasets show that the attack detection model based on the improved artificial bee combined with the optimization random forest algorithm (RF-IABC) can extract the optimal feature set of attack type accurately, then classify and predict the attack data, improve the detection rate of U2R type attacks by IDS effectively.

Key words: IDS, U2R attacks, improved artificial bee colony, optimized random forest

中图分类号:

TP309

翟继强, 肖亚军, 杨海陆, 王健. 改进的人工蜂群结合优化的随机森林的U2R攻击检测研究[J]. 信息网络安全, 2018, 18(12): 38-45.

ZHAI Jiqiang, XIAO Yajun, YANG Hailu, WANG Jian. Reseach on U2R Attacks Detection Based on Improved Artificial Bee Colony Combined with Optimized Random Forest[J]. 信息网络安全, 2018, 18(12): 38-45.

参考文献

[1] RICHHARIYA R, MANJHWAR A, MAKWANA R.A Hybrid Approach for User to Root and Remote to Local Attack[J]. International Journal of Computer Sciences and Engineering, 2017, 5(6): 73-79.
[2] HU Yangrui, CHEN Xingshu, WANG Junfeng, et al.Anomalous Traffic Detection Based on Traffic Behavior Characteristics[J]. Netinfo Security, 2016, 16(11): 45-51.
胡洋瑞,陈兴蜀,王俊峰,等. 基于流量行为特征的异常流量检测[J]. 信息网络安全,2016,16(11):45-51.
[3] BAHL S, SHARMA S K.Performance Analysis of User to Root Attack Class Using Correlation Based Feature Selection Model[C]// Springer. 2015 Computational Intelligence in Security for Information Systems Conference, June 15-17, 2015, Burgos, Spain. Heidelberg: Springer, 2015: 177-187.
[4] BASHL S, SHARMA S.Detection Rate Analysis for User to Root Attack Class using Correlation Feature Selection[C]// IEEE. International Conference on Computing, Communication & Automation, July 23-25, 2015, Noida, India. New Jersey: IEEE, 2015: 66-71.
[5] SHAHBAZ M, WANG Xianbin, Behnad A, et al.On Efficiency Enhancement of the Correlation-based Feature Selection for Intrusion Detection Systems[C]// IEEE. 7th Annual Information Technology, Electronics and Mobile Communication Conference, October 13-15, 2016, Vancouver, BC, Canada. New Jersey: IEEE, 2016: 1-7.
[6] XIA Yuming, HU Shaoyong, ZHU Shaomin, et al.Reserch on the Method of Network Attack Detection Based on Convolution Neural Network[J]. Netinfo Security, 2017, 17(11): 32-36.
夏玉明,胡绍勇,朱少民,等. 基于卷积神经网络的网络攻击检测方法研究[J]. 信息网络安全,2017,17(11):32-36.
[7] SAHASRABUDDHE A, NAIKADE S, RAMASWAMY R.Survey on Intrusion Detection System Using Data Mining Techniques[J]. International Research Journal of Engineering and Technology, 2017, 4(5): 1780-1784.
[8] CHOURE C, PATIL L H.A Literature Survey on Intrusion Detection and Protection System Using Data Mining[J]. International Journal of Advance Research, Ideas and Innovations in Technology, 2018, 4(1): 61-65.
[9] 戚名钰,刘铭,傅彦铭. 基于PCA的SVM网络入侵检测研究[J]. 信息网络安全,2015,15(2):15-18:
QI Mingyu, LIU Ming, FU Yanming.Research on Network Intrusion Detection Using Support Vector Machines Based on Principal Component Analysis[J]. Netinfo Security, 2015, 15(2): 15-18.
[10] ZHAO Jing, WEI Bin, LUO Peng, et al.Intrusion Detection Method Based on Hidden Markov Model[J]. Journal of Sichuan University: Engineering Science Edition, 2016, 48(1): 106-110.
赵婧,魏彬,罗鹏,等. 基于隐马尔可夫模型的入侵检测方法[J]. 四川大学学报:工程科学版,2016,48(1):106-110.
[11] FARNAAZ N, JABBAR M A. Random Forest Modeling for Network Intrusion Detection System[EB/OL]. https://core.ac.uk/download/pdf/82689462.pdf, 2018-1-11.
[12] LIN Weining, CHEN Mingzhi, ZHAN Yunqing, et al.Research on an Intrusion Detection Algorithm Based on PCA and Random-forest Classification[J]. Netinfo Security, 2017, 17(11): 50-54.
林伟宁,陈明志,詹云清,等. 一种基于PCA和随机森林分类的入侵检测算法研究[J]. 信息网络安全,2017,17(11):50-54.
[13] ADNAN M.Improving the Random Forest Algorithm by Randomly Varying the Size of the Bootstrap Samples[C]// IEEE. 15th International Conference on Information Reuse and Integration, August 13-15, 2014, Redwood City, CA, USA. New Jersey: IEEE, 2014: 303-308.
[14] BIAU G, SCORNET E.A Random Forest Guided Tour[J]. TEST, 2016, 25(2): 197-227.
[15] DUBITZKY W, WOLKENHAUER O, CHO K H, et al.Student’s t-Test[J]. Encyclopedia of Systems Biology, 2013, 17(4): 124-141.
[16] KIM K.T Test as a Parametric Statistic[J]. Korean Journal Anesthesiology, 2015, 68(6): 540-546.
[17] MERNIK M, LIU S, KARABOGA D.On Clarifying Misconceptions when Comparing Variants of the Artificial Bee Colony Algorithm by Offering a New Implementation[J]. Information Sciences an International Journal, 2015, 291(C): 115-127.
[18] KONG Xiangyu, LIU Sanyang, WANG Zhen.A New Hybrid Artificial Bee Colony Algorithm for Global Optimization[J]. International Journal of Computer Science Issues, 2013, 10(1): 287-301.
[19] MOHAMED A.An Efficient Modified Differential Evolution Algorithm for Solving Constrained Non-linear Integer and Mixed-integer Global Optimization Problems[J]. International Journal of Machine Learning and Cybernetics, 2017, 8(3): 989-1007.
[20] INGRE B, YADAV A, SONI A K.Decision Tree Based Intrusion Detection System for NSL-KDD Dataset[C]// Springer. 2017 International Conference on Information and Communication Technology for Intelligent Systems, March 25-26, 2017, Ahmedabad, India. Heidelberg: Springer, 2017: 207-218.
[21] MEENA G, CHOUDHARY R.A Review Paper on IDS Classification Using KDD 99 and NSL KDD Dataset in WEKA[C]// IEEE. 2017 International Conference on Computer, Communications and Electronics, July 1-2, 2017, Jaipur, India. New Jersey: IEEE, 2017: 553-558.
[22] UNB. NSL-KDD Dataset[EB/OL]. http://www.unb.ca/cic/datasets/nsl.html, 2017-7-10.

改进的人工蜂群结合优化的随机森林的U2R攻击检测研究

Reseach on U2R Attacks Detection Based on Improved Artificial Bee Colony Combined with Optimized Random Forest

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

本文评价

[1]	王蓉, 马春光, 武朋. 基于联邦学习和卷积神经网络的入侵检测方法[J]. 信息网络安全, 2020, 20(4): 47-54.
[2]	罗文华, 许彩滇. 基于改进MajorClust聚类的网络入侵行为检测[J]. 信息网络安全, 2020, 20(2): 14-21.
[3]	康健, 王杰, 李正旭, 张光妲. 物联网中一种基于多种特征提取策略的入侵检测模型[J]. 信息网络安全, 2019, 19(9): 21-25.
[4]	冯文英, 郭晓博, 何原野, 薛聪. 基于前馈神经网络的入侵检测模型[J]. 信息网络安全, 2019, 19(9): 101-105.
[5]	饶绪黎, 徐彭娜, 陈志德, 许力. 基于不完全信息的深度学习网络入侵检测[J]. 信息网络安全, 2019, 19(6): 53-60.
[6]	刘敬浩, 毛思平, 付晓梅. 基于ICA算法与深度神经网络的入侵检测模型[J]. 信息网络安全, 2019, 19(3): 1-10.
[7]	陈虹, 肖越, 肖成龙, 陈建虎. 融合最大相异系数密度的SMOTE算法的入侵检测方法[J]. 信息网络安全, 2019, 19(3): 61-71.
[8]	田峥, 李树, 孙毅臻, 黎曦. 一种面向S7协议的工控系统入侵检测模型[J]. 信息网络安全, 2019, 19(11): 8-13.
[9]	张阳, 姚原岗. 基于Xgboost算法的网络入侵检测研究[J]. 信息网络安全, 2018, 18(9): 102-105.
[10]	张戈琳, 李勇. 非负矩阵分解算法优化及其在入侵检测中的应用[J]. 信息网络安全, 2018, 18(8): 73-78.
[11]	魏书宁, 陈幸如, 焦永, 王进. AR-OSELM算法在网络入侵检测中的应用研究[J]. 信息网络安全, 2018, 18(6): 1-6.
[12]	和湘, 刘晟, 姜吉国. 基于机器学习的入侵检测方法对比研究[J]. 信息网络安全, 2018, 18(5): 1-11.
[13]	刘超玲, 张棪, 杨慧然, 吴宏晶. 基于DPDK的虚拟化网络入侵防御系统设计与实现[J]. 信息网络安全, 2018, 18(5): 41-51.
[14]	陈红松, 王钢, 宋建林. 基于云计算入侵检测数据集的内网用户异常行为分类算法研究[J]. 信息网络安全, 2018, 18(3): 1-7.
[15]	赵旭, 黄光球, 崔艳鹏, 王明明. 基于改进选择算子的NIDS多媒体包多线程择危处理模型[J]. 信息网络安全, 2018, 18(10): 45-50.