Journal of Computer Applications ›› 2019, Vol. 39 ›› Issue (11): 3310-3315.DOI: 10.11772/j.issn.1001-9081.2019040730

• Cyber security • Previous Articles     Next Articles

Intrusion detection method based on ensemble transfer learning via weighted mutual information

HU Jian1, SU Yongdong1, HUANG Wenzai1, XIAO Peng1, LIU Yuting1, YANG Benfu2   

  1. 1. Information Center, Yunnan Power Grid Company Limited, Kunming Yunnan 650217, China;
    2. Yunnan Yundian Tongfang Technology Company Limited, Kunming Yunnan 650217, China
  • Received:2019-04-28 Revised:2019-07-22 Online:2019-08-26 Published:2019-11-10

基于互信息加权集成迁移学习的入侵检测方法

胡健1, 苏永东1, 黄文载1, 肖鹏1, 刘玉婷1, 杨本富2   

  1. 1. 云南电网有限责任公司 信息中心, 昆明 650217;
    2. 云南云电同方科技有限公司, 昆明 650217
  • 通讯作者: 胡健
  • 作者简介:胡健(1992-),男,云南文山人,工程师,硕士,主要研究方向:信息安全、机器学习;苏永东(1967-),女,北京人,高级工程师,主要研究方向:信息安全;黄文载(1963-),男,云南昆明人,高级工程师,硕士,主要研究方向:电力系统自动化;肖鹏(1988-),男,云南昆明人,工程师,主要研究方向:网络空间安全;刘玉婷(1987-),女,云南昭通人,工程师,硕士,主要研究方向:信息安全;杨本富(1982-),男,云南保山人,工程师,主要研究方向:软件工程、信息安全。

Abstract: Intrusion Detection System (IDS) has become an essential part of network security system, the practicability and durability of the existing intrusion detection methods still have improvement space, like detecting intrusion threats earlier and improving the detection accuracy of intrusion detection systems. Therefore, an intrusion detection method based on Ensemble Transfer Learning (ETL) via weighted mutual information was proposed. Firstly, the transfer strategy was used to model multiple feature sets, then the mutual information was used to measure the data attribution of feature sets under the transfer models in different domains. Finally, the weighted ensemble was performed to the multiple transfer models according to the measures, obtaining the ensemble transfer model. The method was able to construct the intrusion detection model better than the traditional models without ensemble or transfer learning by learning the knowledge of little labeled samples in the new environment and many labeled samples in the prior environment. The benchmark NSL-KDD dataset was used to evaluate the proposed method and the results show that the proposed method has good convergence performance and improve the accuracy of intrusion detection.

Key words: intrusion detection, transfer learning, mutual information, ensemble learning, weighted ensemble

摘要: 入侵检测系统(IDS)已成为网络安全体系结构中的必要组成部分。在面对现代网络安全需求时,现有的入侵检测方法的可行性和持续性仍然存在提高空间,主要体现在更早地发现入侵威胁和提高入侵检测系统的检测精准度,为此提出一种基于互信息加权的集成迁移学习(ETL)入侵检测方法。首先,通过迁移策略对多组特征集进行建模;然后,使用互信息度量在迁移模型下特征集在不同域中的数据分布;最后,根据度量值对多个迁移模型进行集成加权,得到集成迁移模型。该方法通过学习新环境下的少量有标记样本和以往环境下的大量有标记样本的知识,可以建立效果优于传统非集成、非迁移的入侵检测模型。使用基准NSL-KDD数据集对该方法进行评估,实验结果表明,所提方法具有良好的收敛性能,并提高了入侵检测的精准率。

关键词: 入侵检测, 迁移学习, 互信息, 集成学习, 加权集成

CLC Number: