Research On Intrusion Detection Approach Based On Incremental Learning And Ensemble Learning

In recent years,Intrusion Detection System(IDS)has been an important part of network security,and it has a broad application prospect.However,there are still some drawbacks in the current intrusion detection system,such as low detection accuracy,high false alarm rate and poor real-time performance,which makes it difficult to obtain satisfactory detection results in a short time.In order to solve these problems,intrusion detection methods based on machine learning have been widely concerned and studied.Decision tree algorithm has the following advantages: high classification accuracy,fast speed,and the model is easy to understand,and so on.Therefore,it is widely used in intrusion detection.However,the existing intrusion detection methods based on decision tree still have many problems to be solved.Firstly,most of these methods use static strategy to obtain decision rules.Whenever the data set changes,they need to rebuild the tree on the whole data set,which is difficult to deal with dynamic data effectively.Secondly,using a single decision tree may lead to errors and over-fitting problems,and the performance of the intrusion detection model is often unsatisfactory.In view of the above problems,this thesis will study new decision tree algorithms which are more suitable for network intrusion detection,and use these algorithms to detect intrusion behaviors.Firstly,to solve the problem that the selection criteria of splitting attributes in existing decision tree algorithms are not suitable,a decision tree algorithm DTGDE is proposed on the basis of granularity decision entropy.We apply DTGDE to intrusion detection.Secondly,we make an improvement on DTGDE from the perspective of incremental learning and propose an incremental decision tree algorithm IDTGDE based on the granularity decision entropy to process dynamic data in an effective manner.We apply IDTGDE to intrusion detection.Thirdly,a decision forest algorithm DFGDE based on the granularity decision entropy is proposed from the perspective of ensemble learning to address problems of errors and over-fitting that single decision tree may cause.It is also applied to intrusion detection.The main researches of this thesis are as follows:(1)Decision tree algorithm based on granularity decision entropy and its application to intrusion detectionThe existing decision tree algorithms have problems such as inappropriate selection criteria for splitting attributes and a large number of repetition in sub-trees.In this thesis,we propose a decision tree algorithm DTGDE based on granularity decision entropy,by combining the two concepts in rough sets: roughness and knowledge granularity.We apply DTGDE to intrusion detection.In DTGDE,the granularity decision entropy is used as the selection criteria for splitting attributes.Compared with the existing information entropy model,the granularity decision entropy can effectively measure both the completeness and the granularity of knowledge.Therefore,granularity decision entropy is used to select splitting attributes,which can examine the contribution of each attribute to the decision classification in a more comprehensive manner.The experimental results show that DTGDE has better intrusion detection performance compared to those existing decision tree algorithms.In addition,it also has a high efficiency in intrusion detection.(2)Incremental decision tree algorithm based on granularity decision entropy and its application to intrusion detectionIn view of the problems of the existing incremental decision tree algorithms,such as unreasonable splitting attribute selection criteria and low efficiency in processing dynamic data,this thesis improves the algorithm DTGDE proposed in(1)from the perspective of incremental learning,and proposes an incremental decision tree algorithm IDTGDE based on granularity decision entropy.IDTGDE algorithm first creates an initial decision tree on the initial training set based on the granularity decision entropy model,and then uses the idea of incremental learning to process the incremental data effectively.In order to apply IDTGDE algorithm to intrusion detection better,we introduce three preprocessing mechanisms of original data before building decision tree.The experimental results show that IDTGDE algorithm not only has good intrusion detection performance,but also has very small computational overhead.(3)Decision forest algorithm based on granularity decision entropy and its application to intrusion detectionUsing a single decision tree may cause errors and over-fitting,while ensemble learning can effectively solve the problems discussed above.Ensemble classifiers can achieve better generalization ability than using only a single classifier.In order to establish a satisfactory intrusion detection model in a short time,this thesis improves the algorithm DTGDE proposed in(1)from the perspective of ensemble learning,and proposes a decision forest algorithm DFGDE which is based on granularity decision entropy.Firstly,DFGDE algorithm uses bootstrap sampling mechanism to generate multiple sampling sets.Secondly,random attribute selection is carried out on each sampling set,and a decision tree is constructed by using DTGDE algorithm.Finally,all the decision trees are combined into a decision forest by weighted voting.Experimental results show that DFGDE has better intrusion detection performance than the existing representative ensemble learning algorithms.In particular,the intrusion detection performance of DFGDE is better than that of DTGDE.