CAJ | 학술논문

针对现有的网络入侵检测算法对少数类攻击的检测存在高误报率和漏报率的问题,在对稀有类分类技术研究的基础上,将集成学习应用到入侵检测中.采用基于负载均衡策略的入侵检测模型,把网络数据包按协议类型进行分流,对每个子集用AdaBoost算法提升C4.5弱分类器的方法进行分类,在KDD'99数据集上进行仿真实验,结果表明该方法可有效提高系统的检测率.
침대현유적망락입침검측산법대소수류공격적검측존재고오보솔화루보솔적문제,재대희유류분류기술연구적기출상,장집성학습응용도입침검측중.채용기우부재균형책략적입침검측모형,파망락수거포안협의류형진행분류,대매개자집용AdaBoost산법제승C4.5약분류기적방법진행분류,재KDD'99수거집상진행방진실험,결과표명해방법가유효제고계통적검측솔.
There is a very high false positive rate and false negative rate to rare events in the existing network intrusion detection system. Based on the research of technology to classify rare classes, an approach based on ensemble learning is proposed. Taking the model of load balancing intrusion detection, it splits the packets into small according to the type of protocols, and applies AdaBoost algorithm by using C4.5 weak learner to each dataset. Experimental results over the KDD'99 datasets show that the proposed approach can improve detection performance for rare classes.