CAJ | 학술논문

提出一种基于智能体进化计算框架与遗传模糊规则挖掘的异常入侵检测方法.通过应用模糊集分布策略、解释性的控制策略和模糊规则生成策略,实现了Agent之间的模糊集信息交换,从而有效地从网络数据中抽取正确的、可解释的模糊IF-THEN分类规则,优化了模糊系统的可解释性,并提高了系统的紧凑性.采用KDD-Cup99数据集进行测试,并与现有方法进行了比较,结果表明该方法对R2L的攻击检测性能稍弱,对DoS、Probe和U2R的攻击均具有较高的分类精度与较低的误报率.
제출일충기우지능체진화계산광가여유전모호규칙알굴적이상입침검측방법.통과응용모호집분포책략、해석성적공제책략화모호규칙생성책략,실현료Agent지간적모호집신식교환,종이유효지종망락수거중추취정학적、가해석적모호IF-THEN분류규칙,우화료모호계통적가해석성,병제고료계통적긴주성.채용KDD-Cup99수거집진행측시,병여현유방법진행료비교,결과표명해방법대R2L적공격검측성능초약,대DoS、Probe화U2R적공격균구유교고적분류정도여교저적오보솔.
A genetic-fuzzy rule mining approach applied to anomaly intrusion detection was proposed, with an Agent-based evolutionary computing framework. Due to the exchanging of fuzzy sets information among the fuzzy sets Agents, accurate and interpretable fuzzy IF-THEN rules could be extracted from network traffic data for optimizing the interpretability and improving the compactivity of the fuzzy systems, by using three strategies including fuzzy sets distribution, interpretable regulation and fuzzy rules generation. All the training and testing datasets were based on the KDD CUP 99 intrusion detection benchmark data set. Compared with the current methods, the experimental results show that the proposed approach can provide higher detection accuracy and lower false alarm rate for DoS, Probe and U2R attacks with a slightly poorer performance for R2L attacks.