CAJ | 학술논문

针对基于机器学习网络入侵检测存在的未知攻击检测率低、规则多而复杂导致检测效率不高等问题,提出了基于约束的基因表达式编程(GEP)规则提取算法(CGREA).用GEP模式表示入侵检测规则,定义了约束文法对规则个体进行约束,以满足规则的充分性和封闭性.CGREA算法限定GEP规则基因头部各类符号的随机选择数目比例.并采用精英策略以保证算法收敛性.用KDDCUP'99数据集对CGREA算法提取的入侵检测规则进行评估,总攻击检测率为91.36%,其中有3种未知攻击的检测率超过88%.结果表明,CGREA算法能在较小种群和有限代数内提取出简单而有效的规则,未知攻击检测率和检测性能也得到提高.
침대기우궤기학습망락입침검측존재적미지공격검측솔저、규칙다이복잡도치검측효솔불고등문제,제출료기우약속적기인표체식편정(GEP)규칙제취산법(CGREA).용GEP모식표시입침검측규칙,정의료약속문법대규칙개체진행약속,이만족규칙적충분성화봉폐성.CGREA산법한정GEP규칙기인두부각류부호적수궤선택수목비례.병채용정영책략이보증산법수렴성.용KDDCUP'99수거집대CGREA산법제취적입침검측규칙진행평고,총공격검측솔위91.36%,기중유3충미지공격적검측솔초과88%.결과표명,CGREA산법능재교소충군화유한대수내제취출간단이유효적규칙,미지공격검측솔화검측성능야득도제고.
Network intrusion detection based on machine learning suffers from the problems of low detection ratio for unknown intrusion and low detection efficiency due to many complex rules.To solve these problems, a constraint-based gene expression programming (GEP) rule extraction algorithm (CGREA) was proposed.The intrusion detection rules were represented based on GEP model, and a constraint grammar was defined to guarantee the rules closeness and ade-quacy.It restricted the ratio of randomly selecting various symbols in the gene head of GEP rules, and used the elitist strategy to guarantee convergene.The KDD CUP' 99 DATA Set was used for evaluation the intrusion detection rules auto-extracted by CGREA.A 91% probability of detection was achieved, and three unknown attacks' probabilities of detection were more than 88 %.These results indicate that the intrusion detection rules that extracted by CGREA are effective, simple,and capable of detecting unknown intrusions.Moreover, the efficiency of rule generation and detection is improved.