Research on Feature Selection Algorithms and Their Application to Anomaly Detection
Published: 2018-05-04 20:06
Topics: feature selection + intrusion detection; Source: University of Electronic Science and Technology of China (电子科技大学), master's thesis, 2014
[Abstract]: With social progress and the rapid development of network information technology, Internet penetration and the number of Internet users rise year by year, and people's daily life and work depend increasingly on the network. At the same time, the attack methods and tools aimed at networks are becoming ever more diverse and complex, and network security faces severe challenges. Intrusion detection is an important security defence technology: it analyses collected data, decides whether an intrusion is present in the network, and takes corresponding measures. However, as network scale and user numbers grow, the volume of data transmitted over the network has shown an "explosive" trend, so that an intrusion detection system can no longer process the large amount of information in time, and the IDS responds late or even fails. To address this problem, researchers have turned to feature selection methods, which preprocess the data that an intrusion detection system must handle, select the features that are "important" to the system, and reduce the dimensionality of the data, thereby effectively improving the efficiency of the intrusion detection system. Overall, the main contributions and specific research content of this thesis are as follows: (1) The concept, models and related theory of intrusion detection are studied; the classification of intrusion detection methods is studied, and the advantages and disadvantages of the different methods are analysed and compared; an improved TCM-KNN anomaly detection algorithm is proposed and applied to DoS anomaly detection; and the problems currently faced by intrusion detection systems are summarised. (2) Feature selection algorithms of the three types, filter, wrapper and hybrid, are studied, and their respective advantages and disadvantages are analysed and compared. Several typical feature selection algorithms are studied in depth, including correlation-based feature selection (CFS), information gain (IG), gain ratio, Relief and Chi-square; their principles are analysed and their advantages and disadvantages compared. (3) Building on the above, an effective feature selection method based on a Bayesian network classifier is proposed. While maintaining a high detection rate and a low false alarm rate, it selects a feature subset that helps distinguish normal from abnormal traffic and removes features that are irrelevant to classification or redundant, so as to reduce the time and space cost of anomaly detection and improve detection efficiency. The proposed feature selection method is applied to anomaly detection, its effectiveness is verified on the NSL-KDD benchmark dataset, and the experimental results are compared with the typical feature selection methods from (2). The importance to classification of the feature subsets selected by each method is measured mainly by evaluation criteria such as time, detection rate, false alarm rate and classification accuracy.
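The abstract names three filter-type rankers (information gain, gain ratio, Chi-square) and the two metrics used to judge a selected subset (detection rate and false alarm rate) without showing how they are computed. The following is an added example, not code from the thesis: it implements those rankers over categorical features, then scores a chosen subset with a small categorical naive Bayes classifier in leave-one-out fashion. The dataset is a constructed twelve-record toy set shaped loosely like NSL-KDD's `protocol`, `service` and `flag` fields plus a deliberately label-independent `noise` column; all names and values are assumptions for illustration.

```python
"""Filter-style feature ranking (IG, gain ratio, chi-square) and
detection-rate / false-alarm-rate evaluation on constructed toy data.
Added example; not code from the thesis or any library it describes."""
import math
from collections import Counter, defaultdict

# Constructed toy records (not real NSL-KDD rows).
# Columns: protocol, service, flag, noise, label. 'noise' is independent of the label.
DATA = [
    ("tcp",  "http",    "SF",  "a", "normal"),
    ("tcp",  "http",    "SF",  "b", "normal"),
    ("udp",  "domain",  "SF",  "a", "normal"),
    ("tcp",  "smtp",    "SF",  "b", "normal"),
    ("tcp",  "http",    "SF",  "a", "normal"),
    ("udp",  "ntp",     "SF",  "b", "normal"),
    ("tcp",  "http",    "S0",  "a", "anomaly"),
    ("tcp",  "private", "S0",  "b", "anomaly"),
    ("tcp",  "private", "REJ", "a", "anomaly"),
    ("icmp", "ecr_i",   "SF",  "b", "anomaly"),
    ("tcp",  "private", "S0",  "a", "anomaly"),
    ("tcp",  "http",    "REJ", "b", "anomaly"),
]
FEATURES = ["protocol", "service", "flag", "noise"]
LABEL_IDX = 4


def entropy(values):
    """Shannon entropy in bits of a list of categorical values."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())


def information_gain(rows, fi):
    """IG = H(label) - H(label | feature fi)."""
    groups = defaultdict(list)
    for r in rows:
        groups[r[fi]].append(r[LABEL_IDX])
    conditional = sum(len(g) / len(rows) * entropy(g) for g in groups.values())
    return entropy([r[LABEL_IDX] for r in rows]) - conditional


def gain_ratio(rows, fi):
    """IG divided by the feature's own entropy (split information), which
    penalises many-valued features such as 'service'."""
    split_info = entropy([r[fi] for r in rows])
    return information_gain(rows, fi) / split_info if split_info else 0.0


def chi_square(rows, fi):
    """Pearson chi-square statistic of the feature-by-label contingency table."""
    n = len(rows)
    observed = Counter((r[fi], r[LABEL_IDX]) for r in rows)
    f_tot = Counter(r[fi] for r in rows)
    l_tot = Counter(r[LABEL_IDX] for r in rows)
    total = 0.0
    for f in f_tot:
        for l in l_tot:
            expected = f_tot[f] * l_tot[l] / n
            total += (observed[(f, l)] - expected) ** 2 / expected
    return total


def rank_features(rows, scorer):
    """Feature names ordered from most to least informative under `scorer`."""
    scores = {FEATURES[i]: scorer(rows, i) for i in range(len(FEATURES))}
    return sorted(scores, key=scores.get, reverse=True)


def naive_bayes_predict(train, test, feature_idx):
    """Categorical naive Bayes with Laplace smoothing, using only feature_idx."""
    by_label = defaultdict(list)
    for r in train:
        by_label[r[LABEL_IDX]].append(r)
    preds = []
    for r in test:
        best, best_lp = None, -math.inf
        for label, rows in by_label.items():
            lp = math.log(len(rows) / len(train))
            for fi in feature_idx:
                n_values = len({x[fi] for x in train})
                count = sum(1 for x in rows if x[fi] == r[fi])
                lp += math.log((count + 1) / (len(rows) + n_values))
            if lp > best_lp:
                best, best_lp = label, lp
        preds.append(best)
    return preds


def detection_metrics(truth, preds, positive="anomaly"):
    """Detection rate = TP/(TP+FN); false alarm rate = FP/(FP+TN)."""
    tp = sum(t == positive and p == positive for t, p in zip(truth, preds))
    fn = sum(t == positive and p != positive for t, p in zip(truth, preds))
    fp = sum(t != positive and p == positive for t, p in zip(truth, preds))
    tn = sum(t != positive and p != positive for t, p in zip(truth, preds))
    return tp / (tp + fn), fp / (fp + tn)


def evaluate_subset(rows, names):
    """Leave-one-out (detection_rate, false_alarm_rate) for a feature subset."""
    idx = [FEATURES.index(n) for n in names]
    preds = [naive_bayes_predict(rows[:i] + rows[i + 1:], [rows[i]], idx)[0]
             for i in range(len(rows))]
    return detection_metrics([r[LABEL_IDX] for r in rows], preds)


if __name__ == "__main__":
    for name, scorer in [("IG", information_gain), ("GainRatio", gain_ratio), ("Chi2", chi_square)]:
        print(name, rank_features(DATA, scorer))
    print("all features:", evaluate_subset(DATA, FEATURES))
    print("top-2 by IG:  ", evaluate_subset(DATA, rank_features(DATA, information_gain)[:2]))
```

On this toy data all three rankers put `flag` first and the label-independent `noise` column last with a score of exactly zero, which is the behaviour a filter method is meant to exhibit; the leave-one-out evaluation of the top two features shows why detection rate and false alarm rate must be read together, since a subset that never raises a false alarm can still miss the one anomaly (the `icmp`/`ecr_i` record) whose values never appear in the training folds.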
[Degree-granting institution]: University of Electronic Science and Technology of China (电子科技大学)
[Degree level]: Master's
[Year of degree]: 2014
[Classification number]: TP393.08
[References]
Related journal papers (1 shown)
1 Li Yang; Guo Li; Lu Tianbo; Tian Zhihong. Research on optimisation of the TCM-KNN network anomaly detection algorithm [J]. Journal on Communications (通信学报), 2009(07).
Related master's theses (1 shown)
1 Li Baisheng. Analysis and research of an intrusion detection model based on Bayesian networks [D]. Hunan University, 2007.
Article ID: 1844445
Link: https://www.wllwen.com/guanlilunwen/ydhl/1844445.html