Research On Software Behavior Anomaly Detection Method Based On MRBBO-iForest

Whether the software is trustworthy mainly refers to whether the behavior generated by the software is credible,and whether the software behavior is credible can detect the behavior information and results generated by the software when the software is running,and take corresponding measures according to the detection result to prevent the possible occurrence of Malicious behavior actively.So far,some researchers have conducted research on software behavior anomaly detection and proposed many solutions,but there are problems such as low accuracy of detection and narrow application range.As an anomaly detection algorithm,the Isolation Forest algorithm utilizes the characteristics of less abnormal data and distinctive features.By dividing the data objects and judging the path length,the abnormal data is separated from the normal data quickly,which has better anomaly detection effect.Based on the traditional BBO algorithm,this paper proposes a multi-ring hierarchical biogeography optimization algorithm,which uses its strong global optimization and exploration ability to optimize the forest construction process of the isolated forest algorithm,and optimizes the isolated forest.The algorithm is used for software behavior anomaly detection.The paper mainly made the following research:Firstly,a multi-ring level biogeography optimization algorithm(MRBBO)is proposed by the traditional BBO algorithm,which has slow convergence speed,easy premature generation and poor global optimization ability.MRBBO changes the global topology to a local multi-ring hierarchy,and avoids premature convergence,and also improves its migration operator to improve the convergence speed and population diversity of the algorithm.Secondly,aiming at the problem of poor performance detection of existing software behavior anomaly detection algorithm,an isolated forest anomaly detection algorithm based on MRBBO algorithm(MRBBO-iForest)is proposed.Using the strong optimization performance of the MRBBO algorithm to optimize the isolated forest,and selecting the isolation tree with high detection accuracy and difference to form an isolated forest,avoiding the problem that the isolation tree detection performance is uneven,thereby improving the accuracy that using the isolated forest for software anomaly detection.Finally,the performance of the MRBBO and MRBBO-iForest algorithms is verified by experimental comparison.For the MRBBO algorithm,the performance of the algorithm is verified by comparing with BBO and DE/BBO algorithms,from the multiple optimization average results of the benchmark function,the robustness of the algorithm and the convergence in the iterative process.It shows that MRBBO has better optimization effect than BBO and DE/BBO algorithm,and it has faster convergence and better robustness.For the MRBBO-iForest anomaly detection algorithm,the software behavioral anomaly detection experiment is performed by using the open software running data set.Compared with the Isolation Forest,LOF,and RF algorithm anomaly detection results,the MRBBO-iForest anomaly detection accuracy is higher than others.