Netinfo Security (信息网络安全), 2018, Vol. 18, Issue 12: 38-45. doi: 10.3969/j.issn.1671-1122.2018.12.006

• Technical Research •

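Research on U2R Attacks Detection Based on Improved Artificial Bee Colony Combined with Optimized Random Forest

ZHAI Jiqiang, XIAO Yajun, YANG Hailu, WANG Jian

  1. School of Computer Science and Technology, Harbin University of Science and Technology, Harbin Heilongjiang 150080, China;
  • Received: 2018-06-04 Published/Online: 2018-12-20
  • Corresponding author: XIAO Yajun wdnysjqr@qq.com
  • About the authors: ZHAI Jiqiang (born 1972), male, from Heilongjiang, professor, Ph.D.; main research interests: network and information security. XIAO Yajun (born 1992), male, from Shandong, master's student; main research interest: computer forensics. YANG Hailu (born 1985), male, from Heilongjiang, lecturer, Ph.D.; main research interests: data mining and network security. WANG Jian (born 1979), female, from Heilongjiang, associate professor, Ph.D.; main research interests: network and information security.
  • Funding:
    National Natural Science Foundation of China [61403109]; Natural Science Foundation of Heilongjiang Province [F2016024]; Science and Technology General Project of the Heilongjiang Provincial Department of Education [12531121]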

Abstract: To address the low detection rate of User-to-Root (U2R) attacks in intrusion detection systems (IDS), this paper proposes an attack detection model that combines an improved artificial bee colony (ABC) algorithm with an optimized random forest (RF) algorithm. The model first improves the initialization method and search strategy of the traditional ABC algorithm and optimizes the way the traditional RF algorithm ranks feature importance scores, then combines the two improved algorithms to detect U2R attacks. Experiments on the NSL-KDD dataset show that this attack detection model (RF-IABC) can accurately extract the optimal feature set for an attack type and classify and predict attack data, effectively improving the IDS detection rate for U2R attacks.

Key words: intrusion detection (IDS), U2R attacks, improved artificial bee colony, optimized random forest
