As a key research direction in the field of machine learning, ensemble learning is widely used in anomaly intrusion detection, and it can reach a higher detection precision than the single classifier. However, existing ensemble-based intrusion detection algorithms have some shortcomings, such as, the loss of edge information as well as the loss of whole information during the process of dividing original problem, time-consuming and complexity of the model fusion. So, this paper proposed a novel ensemble-based algorithm for intrusion detection. Firstly, the original problem is divided into a number of two classification problems, and the predicted probabilities are added into original features. Then the multi-class model is trained as the final result. In addition, we adopted GBDT (Gradient Boosting Decision Tree)+LR (Logistic Regression), proposed by Facebook, to implement the binary classification. Experiments and analysis on KDD CUP’99 dataset verify the effectiveness of our proposed framework.
HUANG Jinchao,MA Yinghua,QI Kaiyue,LI Yichen,XIA Yuanyi
. An Ensemble-Based Intrusion Detection Algorithm[J]. Journal of Shanghai Jiaotong University, 2018
, 52(10)
: 1382
-1387
.
DOI: 10.16183/j.cnki.jsjtu.2018.10.029
[1]DENNING D E. An intrusion-detection model[J]. IEEE Transactions on Software Engineering, 1987, 13(2): 222-232.
[2]MOUSTAFA N, SLAY J. The significant features of the UNSW-NB15 and the KDD99 data sets for network intrusion detection systems[C]//International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security. Kyoto, Japan: IEEE, 2015: 25-31.
[3]范晓诗, 雷英杰, 王亚男, 等. 流量异常检测中的直觉模糊推理方法[J]. 电子与信息学报, 2015, 37(9): 2218-2224.
FAN Xiaoshi, LEI Yingjie, WANG Yanan, et al. Intuitionistic fuzzy reasoning method in traffic anomaly detection[J]. Journal of Electronics & Information Technology, 2015, 37(9): 2218-2224.
[4]梁本来, 杨忠明, 蔡昭权. 一种混合入侵检测模型[J]. 计算机测量与控制, 2017, 25(4): 225-228.
LIANG Benlai, YANG Zhongming, CAI Zhaoquan. One mixed intrusion detection model[J]. Computer Measurement & Control, 2017, 25(4): 225-228.
[5]MEHMOOD T, RAIS H B M. SVM for network anomaly detection using ACO feature subset[C]//International Symposium on Mathematical Sciences and Computing Research. Kuah, Kedah, Malaysia: IEEE, 2015: 121-126.
[6]JAIN R, ABOUZAKHAR N S. Hidden Markov model based anomaly intrusion detection[C]//Internet Technology And Secured Transactions. London: IEEE, 2012: 528-533.
[7]KUMAR S, YADAV A. Increasing performance of intrusion detection system using neural network[C]//International Conference on Advanced Communication Control and Computing Technologies. Ramanathapuram: IEEE, 2015: 546-550.
[8]MUKKAMALA S, SUNG A H, ABRAHAM A. Intrusion detection using ensemble of soft computing paradigms[M]. Berlin: Springer Berlin Heidelberg, 2003: 239-248.
[9]CHEBROLU S, ABRAHAM A, THOMAS J P. Feature deduction and ensemble design of intrusion detection systems[J]. Computers & Security, 2005, 24(4): 295-307.
[10]HE X, PAN J, JIN O, et al. Practical lessons from predicting clicks on ads at facebook[C]//Proceedings of the Eighth International Workshop on Data Mining for Online Advertising. [s.l.]: ACM, 2014: 1-9.
[11]University of California. KDD cup 1999 data [DB/OL]. [2018-04-20]. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html, 2007.
[12]张红梅, 高海华, 王行愚. 基于SVM的多类分类集成[J]. 华东理工大学学报(自然科学版), 2008, 34(5): 734-739.
ZHANG Hongmei, GAO Haihua, WANG Xingyu. SVM based multi-class classification ensenble[J]. Journal of East China University of Science and Technology (Natural Science Edition), 2008, 34(5): 734-739.
[13]刘衍珩, 田大新, 余雪岗, 等. 基于分布式学习的大规模网络入侵检测算法[J]. 软件学报, 2008, 19(4): 000993.
LIU Yanheng, TIAN Daxin, YU Xuegang, et al. Large-scale network intrusion detection algorithm based on distributed learning[J]. Journal of Software, 2008, 19(4): 000993.
[14]LIN L, ZUO R, YANG S, et al. SVM ensemble for anomaly detection based on rotation forest[C]//Third International Conference on Intelligent Control and Information Processing. Dalian: IEEE, 2012: 150-153.
