Abstract: In increasingly complex network environments, traditional intrusion detection methods suffer from a high false alarm rate, low detection efficiency, and a conflict between accuracy and interpretability during optimization. To address this, an Improved Rough Set Attribute Reduction and optimized K-means Clustering Approach for Network Intrusion Detection (IRSAR-KCANID) is proposed. First, the dataset is preprocessed using fuzzy rough set attribute reduction in order to optimize the features used for anomalous intrusion detection. Then, the threshold of the intrusion range is estimated with an improved K-means clustering algorithm, and the network features are classified. Next, using the linear canonical correlation applied for feature optimization, the feature association impact scale is derived from the selected optimal features to build a feature association impact scale table, which completes the detection of anomalous network intrusions. The experimental results show that the minimum feature association impact scale table measured after feature-optimized clustering minimizes the complexity of the intrusion detection process and shortens its completion time while guaranteeing maximum prediction accuracy.
WANG Lei (王磊). Network intrusion detection method based on improved rough set attribute reduction and K-means clustering[J]. Journal of Computer Applications, 2020, 40(7): 1996-2002.