关键词: 入侵检测;AdaBoost算法;非平衡数据集

Abstract:

In view of the current problems of high-speed network intrusion detection system, such as high packet loss rate, slow pace of testing for attacks and unbalanced data for detection, this paper proposed a new two-stage strategy with load balancing intrusion detection model. In the on-line phase, the system captured the packets from network and split into small ones according to the protocol type, and then detected through each sensor. In the off-line phase, training dataset was used to build module which can detect intrusion. The authors discussed different approaches to unbalanced data, empirically evaluated the SMOTE over-sampling approaches and classified with AdaBoost and random forests algorithm. The experimental results show that SMOTE and the AdaBoost Algorithm by using random forests as weak learner not only can provide better performance to small class,but also has steady model building time.

Key words: instruction detection;Adaboost algorithm;unbalanced datasets