基于模糊粗糙集属性约简与GMM-LDA最优聚类簇特征学习的自适应网络入侵检测
CSTR:
作者:
作者单位:

(1. 湖南师范大学信息科学与工程学院,长沙410081;2. 湖南师范大学计算与随机数学教育部重点实验室,长沙410081;3. 中南大学信息科学与工程学院,长沙410083)

作者简介:

通讯作者:

E-mail: xupf@hunnu.edu.cn.

中图分类号:

TP391.4

基金项目:

国家自然科学基金项目(61501183, U1701261, 61771492);湖南省自然科学基金项目(2018JJ3349);图像信息处理与智能控制教育部重点实验室(华中科技大学)开放基金项目(IPIC2017-03).


Adaptive network intrusion detection based on fuzzy rough set-based attribute reduction and GMM-LDA-based optimal cluster feature learning
Author:
Affiliation:

(1. College of Information Science and Engineering,Hu'nan Normal University,Changsha 410081,China;2. Key Laboratory of Computing and Stochastic Mathematics,Ministry of Education,Hu'nan Normal University,Changsha 410081,China;3. School of Information Science and Engineering,Central South University,Changsha 410083,China)

Fund Project:

  • 摘要
  • |
  • 图/表
  • |
  • 访问统计
  • |
  • 参考文献
  • |
  • 相似文献
  • |
  • 引证文献
  • |
  • 资源附件
  • |
  • 文章评论
    摘要:

    网络入侵方式已日趋多样化,其隐蔽性强且变异性快,开发灵活度高、适应性强的实时网络安全监测系统面临严峻挑战.对此,提出一种基于模糊粗糙集属性约简(FRS-AR)和GMM-LDA最优聚类簇特征学习(GMM-LDA-OCFL)的自适应网络入侵检测(ANID)方法.首先,引入一种基于模糊粗糙集(FRS)信息增益率的属性约简(AR)方法以实现网络连接数据最优属性集选择;然后,提出一种基于GMM-LDA的最优聚类簇特征学习方法,以获得正常模式特征库和入侵模式库的最优特征表示,同时引入模式库自适应更新机制,使入侵检测模型能够适应网络环境动态变化.KDD99数据集和基于Nidsbench的网络虚拟仿真实验平台的入侵检测结果表明,所提出的ANID方法能有效适应网络环境动态变化,可实时检测出真实网络连接数据中的各种入侵行为,其性能优于当前常用的入侵检测方法,应用前景广阔.

    Abstract:

    With the increasing diversity and rapid variability of network intrusion, the development of real-time network security monitoring systems with high flexibility and strong adaptability still faces severe challenges. Therefore adaptive network intrusion detection(ANID) method based on fuzzy rough set attribute reduction(FRS-AR) and Gaussian mixture model linear discriminant aualysis(GMM-LDA) optimal cluster feature learning(GMM-LDA-OCFL) is proposed. Based on the fuzzy rough set theory, the optimal attribute set of network connection data is selected automatically by information gain rate measurement. Then, an optimal cluster feature learning method based on GMM-LDA is proposed to obtain the optimal feature representation of the normal mode feature library and the intrusion mode feature library. At the same time, the adaptive on-line update mechanism of the normal(abnormal) pattern feature library is introduced, so that the detection model can adapt itself to dynamic network changes. The test results of KDD99 and network simulation experiment platform based on Nidsbench show that the proposed method can effectively adapt to the dynamic changes of the network environment and various intrusion behaviors in the real network connection data can be detected in real time. And the performance of the proposed method is better than that of the existing commonly-used intrusion detection methods, which has potentially wide application prospects.

    参考文献
    相似文献
    引证文献
引用本文

刘金平,张五霞,唐朝晖,等.基于模糊粗糙集属性约简与GMM-LDA最优聚类簇特征学习的自适应网络入侵检测[J].控制与决策,2019,34(2):243-251

复制
分享
文章指标
  • 点击次数:
  • 下载次数:
  • HTML阅读次数:
  • 引用次数:
历史
  • 收稿日期:
  • 最后修改日期:
  • 录用日期:
  • 在线发布日期: 2019-01-23
  • 出版日期:
文章二维码