一种基于OCSVM-PSO的网络入侵检测技术

发布时间：2018-05-05 22:36

本文选题：网络入侵检测 + 单类支持向量机　；参考：《暨南大学》2014年硕士论文

【摘要】：基于异常的网络入侵检测技术是一种重要的网络安全技术，而基于SVM的入侵检测技术是一个重要的研究方向。然而，现有的基于SVM的入侵检测技术存在漏报率高、训练时间长以及对未知入侵数据检测能力差的问题。为缓解上述问题，，本文提出一种新的基于单类支持向量机(OCSVM)的网络入侵检测技术OCSVM-PSO。此技术将基于异常的网络入侵检测问题当作一个二分类问题，其目标是将数据样本分成两类，一类是正常的数据，另一类是异常的数据、即代表的入侵的数据（而忽略入侵的类型）。此技术的特点如下：1、通过利用主成分分析方法消除数据集的冗余属性，提取数据集中的主要属性，从而对数据集进行降维。2、通过利用粒子群优化算法(PSO)对向量机的核函数中的参数选择过程进行优化，获得单类向量机的最优参数。本课题实现了上述技术，并对其进行实验研究：首先使用此技术所选择的最佳参数设定向量机以训练入侵检测模型，然后利用预测数据集来检验模型的漏报率和对未知入侵的检测率。实验结果表明：与基于多类向量机的入侵检测技术和基于遗传算法优化的单类向量机的入侵检测技术相比，本文所提出的方法能够降低漏报率、减少训练时间、并能发现更多的未知入侵数据。
[Abstract]:Anomaly based network intrusion detection technology is an important network security technology, and intrusion detection technology based on SVM is an important research direction. However, the existing intrusion detection technology based on SVM has the problems of high leakage rate, long training time and poor detection ability of unknown intrusion data.
In order to alleviate the above problems, a new network intrusion detection technology based on single class support vector machine (OCSVM) is proposed in this paper OCSVM-PSO.. The technology based on abnormal network intrusion detection is considered as a two classification problem. The goal is to divide the data into two classes, one is normal data, the other is abnormal, that is, the representative of the network intrusion detection problem. The characteristics of the intrusion are as follows: 1, by using the principal component analysis method to eliminate the redundant attributes of the data set and extracting the main attributes of the data set, the data set is reduced by.2, and the parameter selection process in the kernel function of the vector machine is carried out by using the particle swarm optimization algorithm (PSO). Optimization, the optimal parameters of a single class vector machine are obtained. This topic realizes the above technology and carries out an experimental study. First, the best parameter set by this technique is used to train the intrusion detection model, and then the prediction data set is used to test the failure rate of the model and the detection rate of the unknown intrusion. The experimental results show that: Compared with the intrusion detection technology based on multi class vector machines and the single class vector machine based on genetic algorithm, the proposed method can reduce the false alarm rate, reduce the training time, and find more unknown intrusion data.

【学位授予单位】：暨南大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【相似文献】