Detection of abnormal network traffic is an important issue when builds intrusion detection systems. An effective way to address this issue is time series mining, in which the network traffic is naturally represented as a set of time series. In this paper, we propose a novel efficient algorithm, called RSFID (Random Shapelet Forest for Intrusion Detection), to detect abnormal traffic flow patterns in periodic network packets. Firstly, the Fast Correlation-based Filter (FCBF) algorithm is employed to remove irrelevant features to decrease the overfitting as well as the time complexity. Then, a random forest which is built upon a set of shapelet candidates is used to classify the normal and abnormal traffic flow patterns. Specifically, the Symbolic Aggregate approXimation (SAX) and random sampling technique are adopted to mitigate the high time complexity caused by enumerating shapelet candidates. Experimental results show the effectiveness and efficiency of the proposed algorithm.

中文翻译：

---

一种使用随机形状森林进行入侵检测的有效算法

在构建入侵检测系统时，异常网络流量的检测是一个重要的问题。解决这个问题的一个有效方法是时间序列挖掘，其中网络流量自然地表示为一组时间序列。在本文中，我们提出了一种新的高效算法，称为 RSFID（用于入侵检测的随机形状森林），用于检测周期性网络数据包中的异常流量模式。首先，采用快速相关滤波器（FCBF）算法去除不相关的特征，以减少过拟合和时间复杂度。然后，建立在一组候选 shapelet 上的随机森林用于对正常和异常交通流模式进行分类。具体来说，采用符号聚合近似（SAX）和随机采样技术来减轻枚举shapelet候选者造成的高时间复杂度。实验结果表明了该算法的有效性和效率。