Title

A Hierarchical Multiple Classifier for Imbalanced Data in Network Intrusion Detection

Authors

張智傑;王勝德

Keywords

Intrusion detection system; imbalanced dataset; hierarchical classifier

Journal

資訊安全通訊

Volume and issue / publication date

Vol. 21, No. 2 (2015/04/01)

Pages

21 - 40

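Language of content

Traditional Chinese

Chinese abstract

Network activity has grown markedly in recent years, driven by the spread of mobile devices and the move to cloud computing, which makes intrusion detection systems very important. Because attacks are rare in real network traffic compared with normal connections, many supervised intrusion detection systems based on statistical models have difficulty detecting and classifying these few but harmful attacks. This study proposes an intrusion detection system that combines multiple classifiers and balances the data volume through hierarchical classification. Using each class's sensitivity to misclassification cost and the number of records it contains as the splitting criteria, it applies several binary classifiers and one multi-class classifier to identify each class in the data in turn. The advantages of this method are that it is flexible and suits a variety of popular classification algorithms, and that it does not need to modify the statistical distribution of the original training data. It can reduce the classification error that arises in intrusion detection when the classes in the original training set differ greatly in size, and it also lowers the average cost for network intrusion data that is sensitive to misclassification cost. The experiments and evaluation use the KDD CUP 99 intrusion detection dataset and its modified version, the ND-KDD dataset. In the ND-KDD experiments, using the hierarchical multiple classifier reduced the error rate of the four algorithms by 16 percent on average and the average cost by 13 percent on average.

Subject classification: Basic and Applied Sciences > Information Science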