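Research on Intrusion Detection Based on Kernel Extreme Learning Machine and Particle Swarm Optimization
Published: 2018-03-29 14:10
Topic: intrusion detection. Entry point: extreme learning machine. Source: Jiangsu University of Science and Technology, master's thesis, 2017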
[Abstract]: In the era of big data, how to keep the network environment secure has become a hot research topic among scholars. Earlier security technologies such as digital encryption, firewalls and VPNs improved network security to a certain extent, but as intrusion methods have advanced, complex and diverse intrusion techniques can easily defeat those earlier technologies. Against this background, intrusion detection, proposed by network security practitioners, set off a new wave of network security research. Subsequently, active and intelligent intrusion prevention systems (IPS) built on intrusion detection emerged, effectively compensating for the inability of intrusion detection systems to detect and respond to attacks intelligently. This thesis studies the literature on intrusion detection algorithms in depth, analyzes some shortcomings of current intrusion detection systems, and proposes an intrusion detection algorithm based on the kernel extreme learning machine and particle swarm optimization that effectively improves the performance of intrusion detection systems.

To address the high false positive rate, slow convergence and weak generalization of intrusion detection algorithms based on a single-kernel extreme learning machine, the thesis proposes an improved particle-swarm-optimized multi-kernel extreme learning machine algorithm (PKELM). In this algorithm, a multi-kernel function is composed using the Mercer property of kernel functions, to overcome the poor robustness and low detection rate of single-kernel machines. The local search ability of the particle swarm algorithm is then improved by means such as Gaussian perturbation, and the algorithm is used to optimize the kernel parameters and the regularization factor of the multi-kernel extreme learning machine, improving its convergence speed and generalization ability.

In addition, to address the large volume of network data and the scattered distribution of its features, a clustering algorithm based on improved particle swarm optimization of K-Means (IPMeans) is proposed. Here the improved particle swarm algorithm optimizes the K-Means cluster centers to improve the clustering ability of K-Means. The algorithm is then applied to intrusion data to increase the degree to which similar records in the dataset are grouped together, so that the processed data is more easily recognized by the intrusion detection system, improving the running speed of the detection system and its ability to handle massive data.

Combining the optimized multi-kernel extreme learning machine with the optimized K-Means clustering, the thesis proposes an intrusion detection algorithm that joins improved particle-swarm-optimized K-means with multi-kernel extreme learning machine theory (IPMeans-PKELM). The algorithm adds kernel parameter optimization and clustering of intrusion data to the intrusion detection algorithm based on the kernel extreme learning machine. The original intrusion detection algorithm has a low detection rate on high-dimensional, complex data, and randomly setting the KELM hidden-layer nodes causes large errors in the detection results. In response, IPMeans-PKELM introduces the IPMeans algorithm to cluster the intrusion data, which makes intrusion data more recognizable and speeds up recognition by the intrusion detection system. It also uses the improved particle swarm algorithm to optimize the multi-kernel parameters, which improves the generalization ability and detection rate of the intrusion detection system.

Finally, simulation experiments on the algorithm are carried out on KDD CUP99: the data processed by IPMeans is split using 10-CV (10-fold cross-validation), and training and detection are performed with the optimized multi-kernel extreme learning machine. The experimental results show that the algorithm effectively improves the detection rate and reduces the system's false positive rate and missed-alarm rate.
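[Degree-granting institution]: Jiangsu University of Science and Technology
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP393.08;TP18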