多层极限学习机在入侵检测中的应用

doi:10.11772/j.issn.1001-9081.2015.09.2513

计算机应用 ›› 2015, Vol. 35 ›› Issue (9): 2513-2518.DOI: 10.11772/j.issn.1001-9081.2015.09.2513

多层极限学习机在入侵检测中的应用

康松林, 刘乐, 刘楚楚, 廖锓

中南大学信息科学与工程学院, 长沙 410083

收稿日期:2015-04-20 修回日期:2015-06-14 出版日期:2015-09-10 发布日期:2015-09-17
通讯作者: 康松林(1968-),男,湖南新化人,副教授,硕士,主要研究方向:网络信息安全,sunkang@mail.csu.edu.cn
作者简介:刘乐(1991-),女,湖南邵阳人,硕士研究生,主要研究方向:网络信息安全;刘楚楚(1990-),女,湖南湘潭人,硕士研究生,主要研究方向:网络信息安全;廖锓(1990-),男,湖南长沙人,硕士研究生,主要研究方向:数据挖掘。
基金资助:
国家自然科学基金资助项目(60773013)。

Intrusion detection based on multiple layer extreme learning machine

KANG Songlin, LIU Le, LIU Chuchu, LIAO Qin

School of Information Science and Engineering, Central South University, Changsha Hunan 410083, China

Received:2015-04-20 Revised:2015-06-14 Online:2015-09-10 Published:2015-09-17

摘要/Abstract

摘要： 针对神经网络在入侵检测应用存在的维度高、数据大、获取标记样本难、特征构造难、训练难等问题,提出了一种基于深度多层极限学习机(ML-ELM)的入侵检测方法。首先,采用多层网络结构和深度学习方法抽取检测样本最高层次的抽象特征,用奇异值对入侵检测数据进行特征表达;然后,利用极限学习机(ELM)建立入侵检测数据的分类模型;其次,利用逐层的无监督学习方法解决入侵检测获取标记样本难的问题;最后采用KDD99数据集对该方法的性能进行了验证。实验结果表明:多层极限学习机的方法提高了检测正确率,检测漏报率也低至0.48%,检测速度比其他深度模型的检测方法提高了6倍以上。同时在极少标记样本的情况下仍有85%以上的正确率。通过多层网络结构的构建提高了对U2L、R2L这两类攻击的检测率。该方法集成深度学习和无监督学习的优点,能对高维度,大数据的网络记录用较少的参数得到更好的表达,在入侵检测的检测速度以及特征表达两个方面都具有优势。

关键词: 入侵检测, 高维度, 大数据, 标记样本, 特征构造, 训练, 多层极限学习机

Abstract: In view of high dimension, big data, the difficulty of getting labeled samples, the problem of feature expression and training existed in the application of neural network in intrusion detection, an intrusion detection method based on Multiple Layer Extreme Learning Machine (ML-ELM) was proposed in this paper. Firstly, the highest level abstract features of the detection samples were extracted by multi-layer network structure and deep learning method. The characteristics of intrusion detection data were expressed by singular values. Secondly, the Extreme Learning Machine (ELM) was used to establish the classification model of intrusion detection data. Then, the problem that hard to obtain labeled samples was solved by using a layer by layer unsupervised learning method. Finally, the KDD 99 dataset was used to test the performance of ML-ELM. The experimental results show that the proposed model can improve the detection accuracy, and the false negative rate of detection is low to 0.48%. The detection speed can be improved by more than 6 times compared with other depth detection methods. What's more, the detection accuracy is still more than 85% in the case of a few labeled samples. The detection rates of U2L attack and R2L attack are improved by constructing multi-layer network structure. The method integrates the advantages of deep learning and unsupervised learning. It can express these features of high dimension and large data well using fewer parameters. It also has a good performance in intrusion detection rate and characteristic expression.

Key words: intrusion detection, high dimension, big data, labeled sample, feature expression, training, Multiple Layer Extreme Learning Machine (ML-ELM)

中图分类号:

TP393.08

康松林, 刘乐, 刘楚楚, 廖锓. 多层极限学习机在入侵检测中的应用[J]. 计算机应用, 2015, 35(9): 2513-2518.

KANG Songlin, LIU Le, LIU Chuchu, LIAO Qin. Intrusion detection based on multiple layer extreme learning machine[J]. Journal of Computer Applications, 2015, 35(9): 2513-2518.

参考文献

[1] GU X, WANG H, NI T, et al. Detection of application-layer DDoS attack based on time series analysis [J]. Journal of Computer Applications, 2013,33(8):2228-2231.(顾晓清,王洪元,倪彤光,等.基于时间序列分析的应用层DDoS攻击检测[J].计算机应用,2013,33(8):2228-2231.)
[2] WANG L, TENG S. Application of clustering and time-based sequence analysis in intrusion detection [J]. Journal of Computer Applications, 2010,30(3):699-701.(王令剑,滕少华.聚类和时间序列分析在入侵检测中的应用[J].计算机应用,2010,30(3):699-701.)
[3] KAVITHA B, KARTHIKEYAN D S, MAYBELL P S. An ensemble design of intrusion detection system for handling uncertainty using neutrosophic logic classifier [J]. Knowledge-Based Systems, 2012,28(4):88-96.
[4] HUANG H, SUN H. Network intrusion detection based on particle swarm optimization algorithm and information gain [J]. Journal of Computer Applications, 2014,34(6):1686-1688.(黄会群,孙虹.粒子群选择特征和信息增益确定特征权值的入侵检测[J].计算机应用,2014,34(6):1686-1688.)
[5] MRUTYUNJAYA P, AJITH A, MANAS R P. A hybrid intelligent approach for network intrusion detection [J]. Procedia Engineering, 2012,30(1):1-9.
[6] HUWAIDA T E, IZZELDIN M O. Alert correlation in collaborative intelligent intrusion detection systems[J]. Applied Soft Computing, 2011,11(7):4349-4365.
[7] BENGIO Y. Learning deep architectures for AI [J]. Foundations and Trends in Machine Learning, 2009,2(1):1-127.
[8] HINTON G E, SALAKHUTDINOV R R. Reducing the dimensionality of data with neural networks [J]. Science, 2006,313(5786):504-507.
[9] SALAKHUTDINOV R, HINTON G. An efficient learning procedure for deep Boltzmann machines[J]. Neural Computation, 2012,24(8):1967-2006.
[10] HUANG G B, ZHU Q Y, SIEW C K. Extreme learning machine: theory and applications [J]. Neurocomputing, 2006,70(1):489-501.
[11] KUANG F, XU W, ZHANG S, et al. A novel approach of KPCA and SVM for intrusion detection [J]. Journal of Computational Information Systems, 2012,8(8):3237-3244.
[12] ARYA A, KUMAR S. Information theoretic feature extraction to reduce dimensionality of genetic network programming based intrusion detection model [C]//Proceedings of the 2014 International Conference on Issues and Challenges in Intelligent Computing Techniques. Piscataway: IEEE, 2014:34-37.
[13] HOU G, MA X, ZHANG Y. A new method for intrusion detection using manifold learning algorithm [J]. Telkomnika Indonesian Journal of Electrical Engineering, 2013,11(12):7339-7343.
[14] CHEN J G, LI Z X. Artificial neural network based intrusion detection method combined with manifold learning algorithm [J]. Applied Mechanics and Materials, 2012,121-126:3170-3174.
[15] HEYI W, AIQUN H, YUBO S, et al. A new intrusion detection feature extraction method based on complex network theory [C]//Proceedings of the 2012 4th International Conference on Multimedia Information Networking and Security. Piscataway: IEEE, 2012:852-856.
[16] XU Q, YANG L. A supervised local decision hierarchical support vector machine based anomaly intrusion detection method [J]. Journal of Electronics and Information Technology, 2010,32(10):2383-2387.(徐琴珍,杨绿溪.一种基于有监督局部决策分层支持向量机的异常检测方法[J].电子与信息学报,2010,32(10):2383-2387.)
[17] HAWELIYA J, NIGAM B. Network intrusion detection using semi supervised support vector machine [J]. International Journal of Computer Applications, 2014,85(9):27-31.
[18] CASAS P, MAZEL J, OWEZARSKI P. Unsupervised network intrusion detection systems: detecting the unknown without knowledge [J]. Computer Communications, 2012,35(7):772-783.
[19] CASAS P, MAZEL J, OWEZARSKI P. Knowledge-independent traffic monitoring: unsupervised detection of network attacks [J]. IEEE Network, 2012,26(1):13-21.
[20] KASUN L L C, ZHOU H, HUANG G B, et al. Representational learning with ELMs for big data [J]. IEEE Intelligent Systems, 2013,28(6):31-34.
[21] HUANG G B, ZHOU H, DING X, et al. Extreme learning machine for regression and multiclass classification [J]. IEEE Transactions on Systems, Man, and Cybernetics-Part B: Cybernetics, 2012,42(2):513-529.
[22] WIDROW B, GREENBLATT A, KIM Y, et al. The No-Prop algorithm: a new learning algorithm for multilayer neural networks [J]. Neural Networks, 2013,37:182-188.
[23] JOHNSON W B, LINDENSTRAUSS J, SCHECHTMAN G. Extensions of Lipschitz maps into Banach spaces [J]. Israel Journal of Mathematics,1986,54(2):129-138.

多层极限学习机在入侵检测中的应用

Intrusion detection based on multiple layer extreme learning machine

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	张师鹏, 李永忠, 杜祥通. 基于半监督学习和三支决策的入侵检测模型[J]. 计算机应用, 2021, 41(9): 2602-2608.
[2]	管其杰, 张挺, 李德亚, 周绍景, 杜奕. 基于多分辨率生成对抗网络的空间数据不确定性重建方法[J]. 计算机应用, 2021, 41(8): 2306-2311.
[3]	王月, 江逸茗, 兰巨龙. 基于改进三元组网络和K近邻算法的入侵检测[J]. 计算机应用, 2021, 41(7): 1996-2002.
[4]	王垚, 孙国梓. 基于聚类和实例硬度的入侵检测过采样方法[J]. 计算机应用, 2021, 41(6): 1709-1714.
[5]	张全龙, 王怀彬. 基于膨胀卷积和门控循环单元组合的入侵检测模型[J]. 计算机应用, 2021, 41(5): 1372-1377.
[6]	刘睿珩, 叶霞, 岳增营. 面向自然语言处理任务的预训练模型综述[J]. 计算机应用, 2021, 41(5): 1236-1246.
[7]	任晓奎, 刘鹏飞, 陶志勇, 刘影, 白立春. 基于单快拍信号到达角估计算法的室内入侵检测[J]. 计算机应用, 2021, 41(4): 1153-1159.
[8]	李慧慧, 闫坤, 张李轩, 刘威, 李执. 基于MobileNetV2的圆形指针式仪表识别系统[J]. 计算机应用, 2021, 41(4): 1214-1220.
[9]	吕佳, 鲜焱. 结合改进密度峰值聚类和共享子空间的协同训练算法[J]. 计算机应用, 2021, 41(3): 686-693.
[10]	蒋宁, 方景龙, 杨庆. 基于单点多盒检测器的全局-局部层级的域适应目标检测[J]. 计算机应用, 2021, 41(2): 517-522.
[11]	李志超, 吐尔地·托合提, 艾斯卡尔·艾木都拉. 基于动态注意力和多角度匹配的答案选择模型[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3156-3163.
[12]	周翔, 翟俊海, 黄雅婕, 申瑞彩, 侯璎真. 基于随机森林和投票机制的大数据样例选择算法[J]. 计算机应用, 2021, 41(1): 74-80.
[13]	罗俊, 陈黎飞. 基于BERT的不完全数据情感分类[J]. 计算机应用, 2021, 41(1): 139-144.
[14]	谭金源, 刁宇峰, 祁瑞华, 林鸿飞. 基于BERT-PGN模型的中文新闻文本自动摘要生成[J]. 计算机应用, 2021, 41(1): 127-132.
[15]	曹策俊, 刘桔. 灾害运作管理中应急组织决策建模方法综述[J]. 计算机应用, 2020, 40(7): 2142-2149.