Network Intrusion Anomaly Detection Model Based on Dimension Reduction Strategy Using Principal Component Analysis and Mutual Information

doi:10.3969/j.issn.1671-1122.2015.09.019

Abstract

Abstract: Aim

to high dimensional co-linearity problem of network intrusion anomaly detection model’s input features and dynamic changes of network environment, a new fast anomaly detection model construction approach based on dimension reduction strategy using principal component analysis (PCA) and mutual information (MI) is proposed in this paper. At first, PCA based feature extraction method is used to extract independence latent features, to diminish co-linearity among these input variables. Then, MI based feature selection method is used to select important features from PCA extracted latent features. Thus, these independent features that have much relation to anomaly detection model’s output are selected. At last, a kind of machine learning algorithm with fast learning speed, i.e., random vector function link (RVFL) net, is used to construct the final intrusion detection model with these extract and selected features. Simulation results based on KDD99 data set show that the proposed method can extract and select features effectively with fast learning speed.

Key words: network intrusion, anomaly detection, dimension reduction, machine learning

CLC Number:

TP309

Jian TANG, Chun-lai SUN, Ke-feng MAO, Mei-ying JIA. Network Intrusion Anomaly Detection Model Based on Dimension Reduction Strategy Using Principal Component Analysis and Mutual Information[J]. Netinfo Security, 2015, 15(9): 78-83.

Figures/Tables 10

References 25

[1]	汤健, 孙春来, 李东. 基于在线集成学习技术的工业控制网络入侵防范技术探讨[J]. 信息网络安全,2014, 9: 86-91.
[2]	卿斯汉. 关键基础设施安全防护[J]. 信息网络安全,2015, (2): 86-91.
[3]	卿斯汉, 蒋建春, 马恒太, 等.入侵检测技术研究综述[J]. 通信学报,2004, 25(7):19-29.
[4]	崔亚芬, 解男男. 一种基于特征选择的入侵检测方法[J]. 吉林大学学报(理学版),2015, 53(1):112-116.
[5]	杨智君, 田地, 马骏骁, 等.入侵检测技术研究综述[J]. 计算机工程与设计, 2006, 27(12): 2119-2123.
[6]	Weller-Fahy D J, Borghetti B J, Sodemann A A. A Survey of distance and similarity measures used within network intrusion anomaly detection[J]. IEEE Communication Surveys & Tutorials, 2014, 44(1): 66-83.
[7]	Hu W M, Gao J, Wang Y G, et al.Online adaboost-based parameterized methods for dynamic distributed network intrusion detection[J]. IEEE Tranzaction on Cybernetics, 2015, 17(1): 70-92.
[8]	戚名钰, 刘铭, 傅彦铭 . 基于PCA的SVM网络入侵检测研究[J]. 信息网络安全, 2015, (2): 15-19.
[9]	Yao H B, Tian L.A genetic-algorithm-based selective principal component analysis [9](GA-SPCA) method for high-dimensional data feature extraction[J]. IEEE Transactions on Geoscience and Remote Sensing, 2003, 41(6): 1469-1478.
[10]	唐成华,刘鹏程,汤申生,等.基于特征选择的模糊聚类异常入侵行为检测[J].计算机研究与发展,2015,52(3): 718-728.
[11]	Chow T W S, Huang D. Estimating optimal feature subsets using efficient estimation of high-dimensional mutual information[J]. IEEE Trans. Neural Networks, 2005, 16(1): 213-224.
[12]	吴欣欣,文志诚,叶健健,等. 基于改进的BP神经网络入侵检测方法研究[J]. 微型机与应用,2014,33(22): 67-70.
[13]	李佳. 混合杂草算法优化支持向量机的网络入侵检测[J]. 计算机应用与软件, 2015, (2):10-16.
[14]	杨昆朋. 基于深度信念网络的入侵检测模型[J]. 计算机应用与软件,2015,(1): 10-15.
[15]	何鹏程,方勇.一种基于Web日志和网站参数的入侵检测和风险评估模型的研究[J]. 信息网络安全,2015,(1):61-65.
[16]	Schmidt W F, Kraaijveld M A, Duin R P W. Feed forward neural networks with random weights[C]//Proceedings of 11th IAPR International Conference. The Hague, Netherlands:IEEE,1992: 1-4.
[17]	Wang D, Alhamdoosh M.Evolutionary extreme learning machine ensemble with size control[J]. Neurocomputing, 2013, (102): 98-110.
[18]	Alhamdoosh M, Wang D.Fast decorrelated neural network ensemble with random weights[J]. Information Sciences, 2014,(264): 104-117.
[19]	郭其标; 李秉键;基于最小信息准则和BP算法的网络入侵检测. 吉林大学学报,2015,(4):715-719
[20]	向昌盛,张林峰. PSO-SVM在网络入侵检测中的应用[J]. 计算机工程与设计. 2013(04):130-134.
[21]	黄艳秋. IA—SVM算法在网络入侵检测中的研究[J]. 计算机仿真,2011,(1):182-185.
[22]	张拓, 王建平. 基于CQPSO-LSSVM的网络入侵检测模型[J]. 计算机工程与应用,2015,(2):113-116.
[23]	张志华. 高密度特征的网络入侵检测算法研究[J]. 激光杂志,2015,(2):100-103.
[24]	储泽楠, 李世扬. 基于节点生长马氏距离K均值和HMM的网络入侵检测方法设计[J]. 计算机测量与控制,2014,(10):3406-3409.
[25]	薛伟莲, 王星.网络入侵检测技术研究[J]. 辽宁师范大学学报:自然科学版,2001,(2):139-141.