基于改进非平衡策略的入侵检测系统研究

发布时间：2018-04-12 16:30

本文选题：入侵检测系统 + 非平衡数据　；参考：《郑州大学》2014年硕士论文

【摘要】：随着计算机网络的爆炸式发展，，如何保障网络安全成为人们亟需解决的问题。入侵检测系统在网络安全方面发挥的积极作用使它成为人们关注和研究的焦点之一。虽然人们已经将数据挖掘和模式识别算法应用到了入侵检测领域，但是效果并不理想。因为入侵检测系统的输入是非平衡数据，与传统分类器不同，入侵检测数据的少数类样本才是人们关注的核心。传统分类器和性能评估指标是针对平衡数据集的，通过预处理使数据平衡化是入侵检测系统有效运行的关键。 KDD Cup99数据集是本文仿真实验采用的数据集。针对数据不平衡的问题，本文对经典SMOTE过抽样算法进行改进；针对入侵检测数据高维度的特点，应用基于信息增益的特征选择算法和面向目标变量的主成分分析算法对数据降维。最后，采用了传统的贝叶斯分类器对平衡降维后的数据进行分类操作。针对入侵检测数据非平衡的特点，本文实验综合参考检测率、误报率、G-means和整体准确率四个指标来分析评价入侵检测系统的性能。实验仿真结果表明，提出的预处理方案可在维持较低误报率的情况下有效提高入侵检测系统的检测率和整体准确率。
[Abstract]:With the explosive development of computer network, how to ensure network security becomes an urgent problem.Intrusion detection system (IDS) plays an active role in network security, which makes it one of the focus of attention and research.Although data mining and pattern recognition algorithms have been applied to intrusion detection, the results are not satisfactory.Because the input of intrusion detection system is unbalanced data, different from the traditional classifier, a few kinds of samples of intrusion detection data are the core of people's attention.The traditional classifier and performance evaluation index are aimed at the balanced data set. The key to the effective operation of the intrusion detection system is to balance the data by preprocessing.KDD Cup99 data set is the data set used in the simulation experiment in this paper.Aiming at the problem of data imbalance, this paper improves the classical SMOTE over-sampling algorithm, aiming at the characteristics of high-dimensional intrusion detection data.The feature selection algorithm based on information gain and the principal component analysis (PCA) algorithm for target variables are used to reduce the dimension of data.Finally, the traditional Bayesian classifier is used to classify the data after balanced dimensionality reduction.Aiming at the characteristics of non-equilibrium intrusion detection data, this paper analyzes and evaluates the performance of intrusion detection system by synthesizing four indexes: reference detection rate, false alarm rate G-means and overall accuracy.The experimental results show that the proposed preprocessing scheme can effectively improve the detection rate and the overall accuracy of the intrusion detection system under the condition of maintaining a low false alarm rate.
【学位授予单位】：郑州大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】