Building an Efficient Intrusion Detection System Based on Feature Selection and Ensemble Classifier
Computer Networks (IF 4.4), Pub Date: 2020-04-02, DOI: 10.1016/j.comnet.2020.107247
Yuyang Zhou, Guang Cheng, Shanqing Jiang, Mian Dai

The intrusion detection system (IDS) is one of the extensively used techniques in a network topology to safeguard the integrity and availability of sensitive assets in the protected systems. Although many supervised and unsupervised learning approaches from the field of machine learning have been used to increase the efficacy of IDSs, it is still a problem for existing intrusion detection algorithms to achieve good performance. First, lots of redundant and irrelevant data in high-dimensional datasets interfere with the classification process of an IDS. Second, an individual classifier may not perform well in the detection of each type of attack. Third, many models are built for stale datasets, making them less adaptable to novel attacks. Thus, we propose a new intrusion detection framework in this paper, and this framework is based on feature selection and ensemble learning techniques. In the first step, a heuristic algorithm called CFS-BA is proposed for dimensionality reduction, which selects the optimal subset based on the correlation between features. Then, we introduce an ensemble approach that combines the C4.5, Random Forest (RF), and Forest by Penalizing Attributes (Forest PA) algorithms. Finally, a voting technique is used to combine the probability distributions of the base learners for attack recognition. The experimental results, using the NSL-KDD, AWID, and CIC-IDS2017 datasets, reveal that the proposed CFS-BA-Ensemble method is able to exhibit better performance than other related and state-of-the-art approaches under several metrics.
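
The abstract says only that CFS-BA picks a feature subset from the correlation between features; as an added illustration (not the authors' code), the Python below scores subsets with the standard correlation-based feature selection merit and shows a redundant and an unrelated feature being rejected. The merit formula, the greedy forward search used here in place of the bat algorithm, and every feature name and value are assumptions constructed for the example.

```python
# Added illustration, not the paper's code. Assumes the standard CFS merit
# (Hall, 1999) with Pearson correlation; greedy forward search stands in for
# the bat algorithm (BA) that the paper uses to explore subsets.
from math import sqrt

def pearson(x, y):
    """Pearson correlation of two equal-length numeric lists (0.0 if constant)."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    return 0.0 if vx == 0 or vy == 0 else cov / sqrt(vx * vy)

def cfs_merit(subset, features, label):
    """merit = k*r_cf / sqrt(k + k*(k-1)*r_ff), using mean absolute correlations."""
    k = len(subset)
    if k == 0:
        return 0.0
    r_cf = sum(abs(pearson(features[f], label)) for f in subset) / k
    pairs = [(a, b) for i, a in enumerate(subset) for b in subset[i + 1:]]
    r_ff = sum(abs(pearson(features[a], features[b])) for a, b in pairs) / len(pairs) if pairs else 0.0
    return k * r_cf / sqrt(k + k * (k - 1) * r_ff)

def greedy_cfs(features, label):
    """Add the feature that raises the merit most; stop when nothing improves it."""
    selected, best = [], 0.0
    while len(selected) < len(features):
        scored = [(cfs_merit(selected + [f], features, label), f)
                  for f in features if f not in selected]
        merit, name = max(scored, key=lambda s: s[0])
        if merit <= best:
            break
        selected.append(name)
        best = merit
    return selected, best

# Constructed sample: 8 flows, label 1 = attack (syn_flag AND short_flow).
LABEL = [0, 0, 0, 1, 0, 0, 0, 1]
FEATURES = {
    "syn_flag":     [0, 0, 1, 1, 0, 0, 1, 1],
    "short_flow":   [0, 1, 0, 1, 0, 1, 0, 1],
    "syn_flag_x2":  [0, 0, 2, 2, 0, 0, 2, 2],  # rescaled copy: redundant
    "capture_half": [0, 0, 0, 0, 1, 1, 1, 1],  # unrelated to the label
}

if __name__ == "__main__":
    print(greedy_cfs(FEATURES, LABEL))
```

The search keeps two complementary features: adding the rescaled copy raises the feature-to-feature correlation term and lowers the merit, and the unrelated feature dilutes the feature-to-class term.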




Updated: 2020-04-20