An improved adaptive boosting algorithm based Internet intrusion detection method

An intrusion detection and Internet technology, applied in data exchange networks, digital transmission systems, electrical components, etc., can solve the problems of not meeting real-time processing requirements, difficult online retraining, and high computational complexity, and achieve easy online retraining, The effect of low false alarm rate and low computational complexity

Inactive Publication Date: 2007-10-24
INST OF AUTOMATION CHINESE ACAD OF SCI
View PDF0 Cites 28 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0011] In order to solve the above-mentioned problems of high computational complexity of the traditional intrusion detection method, which makes it difficult to retrain online and fail to meet the requirements of real-time processing, the problem of high false alarm rate, and the problem of over-learning in the classic adaptive boosting (Adaboost) algorithm, the present invention Provide an Internet intrusion detection method based on the improved Adaboost algorithm with low computational complexity, low false alarm rate, better solution to the over-learning problem

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • An improved adaptive boosting algorithm based Internet intrusion detection method
  • An improved adaptive boosting algorithm based Internet intrusion detection method
  • An improved adaptive boosting algorithm based Internet intrusion detection method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0045] Embodiment 1: That is, it is actually applied in the intrusion detection system of the present invention. For each feature dimension, all training samples are used to construct a weak classifier according to Bayesian rule. In this way, a total of 41 weak classifiers can be obtained, that is, the size of the generated weak classifier group is 41.

[0046]Since different feature dimensions have different properties, some are continuous features and some are discrete features, different processing methods should be adopted when applying Bayesian rule, which will be described separately below.

[0047] 1) Design a weak classifier for continuous features

[0048] Let the training sample x i marked as y i ∈{+1,-1}, the value of a continuous feature f is x if . We want to find a value θ in the value domain of this feature * To optimally split the value domain, that is:

[0049] θ * = arg min ...

Embodiment 2

[0061] Embodiment 2: Select 3 features from 41 features and combine them together, randomly select a subset from the training sample set for each combination, and use the support vector machine algorithm to obtain a weak classifier. Then, you can get a total of C 41 3 = 21320 a weak classifier. That is, the size of the generated weak classifier group is 21320.

Embodiment 3

[0062] Embodiment 3: The weak classifier group may not be generated in advance, but may be generated in each cycle of the improved Adaboost algorithm. The sample weight of the current cycle of the improved Adaboost algorithm is used as an estimate of the probability of the sample, and according to the C4.5 algorithm of the decision tree, all values ​​​​of each feature under all 41-dimensional features are examined to find the optimal split point to generate The next level of tree nodes. In general, we split the decision tree at no more than three levels.

[0063] According to the present invention, the step of generating a strong classifier: on the basis of the step of generating a weak classifier, use the improved Adaboost algorithm to select a part of weak classifiers from the weak classifier group and calculate the weight of the weak classifiers, and integrate the strong Classifier.

[0064] Using the improved Adaboost algorithm, that is, in each cycle, the current optima...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The disclosed NID method based on modified adaptive boost (Adaboost) algorithm comprises: connecting data with original network, extracting network connection behavior feature, and marking much training sample; according to pre-process result, providing a set of feeble classifiers for Adaboost algorithm; training a strong classifier; inputting the extracted feature into the strong classifier, and deciding whether the network access is invading according to classifier result. This invention reduces complexity and time consumption, convenient to on-line re-train, and benefit to improve entire network utility.

Description

technical field [0001] The invention relates to the field of computer network security, in particular to Internet intrusion detection. Background technique [0002] Intrusion detection has always been a hot topic in the field of computer science. Since it was initiated by Denning in 1987, many methods have been proposed. It is generally believed that intrusion detection technology can be classified as follows. [0003] 1. The intrusion goes through two links, one is the transmission of data packets on the network, and the other is the arrival of data packets to the destination host, which causes a series of system calls in the host operating system. Therefore, from the perspective of network control, it can be divided into two categories: "host-based intrusion detection" (host-based) and "network-based intrusion detection" (network-based). [0004] Host-based intrusion detection uses various audit logs on a single host as data sources, and attempts to describe normal beha...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/26H04L12/24
Inventor 胡卫明胡卫
Owner INST OF AUTOMATION CHINESE ACAD OF SCI
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap