Journal of Computer Applications ›› 2019, Vol. 39 ›› Issue (7): 1979-1984. DOI: 10.11772/j.issn.1001-9081.2019010018

• Cyber security

Efficient semi-supervised multi-level intrusion detection algorithm

CAO Weidong, XU Zhixiang   

  1. College of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China
  • Received: 2019-01-07 Revised: 2019-02-27 Online: 2019-04-15 Published: 2019-07-10
  • Supported by:

    This work is partially supported by the Civil Aviation Safety Capacity Building Project (AADSA0018), the Civil Aviation Administration Science and Technology Innovation Guidance Fund (MHRD20160109).


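  • Corresponding author: XU Zhixiang
  • About the authors: CAO Weidong (born 1964), female, from Tianjin, associate professor, Ph.D., CCF member; main research interests: civil aviation information system processing and network security. XU Zhixiang (born 1993), female, from Dongying, Shandong, master's student; main research interests: airborne information systems and network security.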



An efficient semi-supervised multi-level intrusion detection algorithm was proposed to address three problems in existing intrusion detection algorithms: the difficulty of collecting large amounts of labeled data for supervised learning-based algorithms, the low accuracy of unsupervised learning-based algorithms, and the low detection rate of both types of algorithms on R2L (Remote to Local) and U2R (User to Root) attacks. Firstly, based on the Kd-tree (K-dimension tree) index structure, weighted density was used to select the initial clustering centers of the K-means algorithm in high-density sample regions. Secondly, the clustered data were divided into three clusters. Then, a weighted voting rule was used to expand the labeled dataset by means of Tri-training from the unlabeled clusters and mixed clusters. Finally, a hierarchical classification model with a binary tree structure was designed, and experimental verification was performed on the NSL-KDD dataset. The results show that the semi-supervised multi-level intrusion detection model can effectively improve the detection rate of R2L and U2R attacks using a small amount of labeled data: the detection rates of R2L and U2R attacks reach 49.38% and 81.14% respectively, thus reducing the system's false negative rate.

Key words: intrusion detection, Kd-tree, Tri-training, semi-supervised, multi-level
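The abstract names Kd-tree-indexed weighted density as the way K-means initial centers are chosen, but gives no formula. The sketch below is an added illustration, not the authors' code: it assumes density is the inverse mean distance to the k nearest neighbours and that each candidate is weighted by density times its distance to the nearest center already chosen. All function names and the sample points are constructed.

```python
import math

def build_kdtree(points, depth=0):
    """Kd-tree as nested tuples: (point, axis, left, right), median split."""
    if not points:
        return None
    axis = depth % len(points[0])
    points = sorted(points, key=lambda p: p[axis])
    mid = len(points) // 2
    return (points[mid], axis,
            build_kdtree(points[:mid], depth + 1),
            build_kdtree(points[mid + 1:], depth + 1))

def knn(node, target, k, best=None):
    """Return the k nearest points to target as sorted (distance, point) pairs."""
    best = [] if best is None else best
    if node is None:
        return best
    point, axis, left, right = node
    best.append((math.dist(point, target), point))
    best.sort()
    del best[k:]
    diff = target[axis] - point[axis]
    near, far = (left, right) if diff < 0 else (right, left)
    knn(near, target, k, best)
    # Visit the far side only if the splitting plane is closer than the k-th hit.
    if len(best) < k or abs(diff) < best[-1][0]:
        knn(far, target, k, best)
    return best

def density(tree, p, k):
    """Assumed density: inverse mean distance to the k nearest neighbours."""
    dists = [d for d, _ in knn(tree, p, k + 1)][1:]  # drop p itself (distance 0)
    return len(dists) / (sum(dists) + 1e-12)

def select_centers(points, n_centers, k=3):
    """Pick seeds that are both dense and far from the seeds already chosen."""
    tree = build_kdtree(points)
    dens = {p: density(tree, p, k) for p in points}
    centers = [max(points, key=dens.get)]
    while len(centers) < n_centers:
        # Assumed weight: density x distance to the nearest chosen seed.
        centers.append(max(points, key=lambda p: dens[p] *
                           min(math.dist(p, c) for c in centers)))
    return centers

# Constructed sample: three dense groups of five points plus one isolated outlier.
SAMPLE = [(x + dx, y + dy) for x, y in [(0, 0), (5, 5), (0, 5)]
          for dx, dy in [(0, 0), (.1, 0), (0, .1), (.1, .1), (.05, .05)]] + [(10.0, 0.0)]
```

On the constructed sample, `select_centers(SAMPLE, 3)` returns the middle point of each dense group and never the outlier, which plain farthest-point seeding would tend to pick.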



