基于迁移学习的入侵检测技术研究

发布时间：2018-01-05 02:31

本文关键词：基于迁移学习的入侵检测技术研究　出处：《中北大学》2015年硕士论文　论文类型：学位论文

更多相关文章： 入侵检测 迁移学习 DNB DTNL

【摘要】：随着计算机网络技术的快速发展，入侵检测技术作为一种积极主动的网络安全防护技术，在系统受到侵入之前进行检测和拦截，提供内外部攻击的实时保护，已经成为当前保障网络安全的重要手段。然而，，在应用于入侵检测的现有算法中，在不同攻击类型的检测性能上存在着非平衡性，而且当训练数据或有标签数据很少不足以训练较好的分类器时，则要求用户重新收集大量的训练数据，这不仅困难而且成本较大。实际上，我们有大量的现有的或已过时的数据，与他们相关但是不同，其中部分数据被期望重新用于解决新的问题中。迁移学习适用于不同域或多任务学习，将迁移学习的理论应用在现有的算法中，能够起到很好的检测效果。本文主要完成以下内容：（1）在研究了迁移学习理论的基础上，结合迁移学习理论和分布式网络集成算法（DNB）的基本思想，提出了分布式迁移网络学习算法（DTNL），实验表明算法采用DTNL算法对网络入侵中常见的四种异常行为检测时，明显比常规算法在R2L检测率上有了显著的提高，并且其他三种异常行为的检测率也较高。（2）在现有的通用入侵检测框架（Commom Intrusion Detection Framework，CIDF）的基础上，将DTNL算法引入到入侵检测系统中，重点修改了数据预处理、分类器和规则学习等核心模块，并添加了专家判别模块，提出了一种基于迁移学习理论的入侵检测模型框架。DTNL算法能够明显提高对四种攻击类型的检测平衡率。使得系统可以运用在对准确度和误报率要求较高的场合，同时，专家判别模块的添加能够有效地降低系统的误报率。（3）最后使用了入侵检测领域评测的基准数据库KDD CUP’99进行了实验，验证了系统的可行性和有效性。
[Abstract]:With the rapid development of computer network technology, intrusion detection technology, as an active network security protection technology, detects and intercepts the system before it is invaded, and provides real-time protection of internal and external attacks. It has become an important means to ensure network security. However, in the existing algorithms applied to intrusion detection, there is an imbalance in the detection performance of different types of attacks. And when training data or tagged data are rarely enough to train better classifiers, users are required to re-collect a large number of training data, which is not only difficult but also costly. We have a lot of existing or outdated data that are relevant but different, some of which are expected to be reused to solve new problems. Migration learning applies to different domains or multitasking learning. The theory of transfer learning is applied to the existing algorithms, and the detection effect is very good. The main contents of this paper are as follows: 1) on the basis of studying the transfer learning theory and combining the transfer learning theory with the basic idea of distributed network integration algorithm (DNB), a distributed transfer network learning algorithm (DTNL) is proposed. Experimental results show that the DTNL algorithm is significantly higher than the conventional algorithm in the detection rate of R2L in the detection of four common abnormal behaviors in network intrusion. The detection rate of the other three abnormal behaviors is also high. Based on the existing universal intrusion detection framework, the Commom Intrusion Detection Framework. The DTNL algorithm is introduced into the intrusion detection system, and the core modules such as data preprocessing, classifier and rule learning are modified, and the expert discriminant module is added. This paper presents an intrusion detection model framework. DTNL algorithm based on migration learning theory, which can obviously improve the detection balance rate of four types of attacks, so that the system can be used to demand higher accuracy and false alarm rate. The occasion. At the same time, the addition of expert discrimination module can effectively reduce the false alarm rate of the system. Finally, KDD CUP'99, a benchmark database in intrusion detection field, is used to verify the feasibility and effectiveness of the system.
【学位授予单位】：中北大学
【学位级别】：硕士
【学位授予年份】：2015
【分类号】：TP393.08

【参考文献】