Research On Multi-layer Hybrid Intrusion Detection Method Based On Fuzzy Rough Set

Posted on: 2024-07-18
Degree: Master
Type: Thesis
Country: China
Candidate: X F Jia
GTID: 2568307151467464
Subject: Computer technology

Abstract/Summary:
In recent years, with the diversification of network intrusion methods and the emergence of massive data, how to discover intrusion behavior in large-scale data has become a hot spot in current technical research. However, traditional intrusion detection technology has classification performance limitations when dealing with massive, high-dimensional and class-imbalanced data. Therefore, this paper proposes an intrusion detection method based on fuzzy rough set feature selection and a multi-layer hybrid detection algorithm. The work of this paper mainly includes the following:

Firstly, the high-dimensional and massive features of current data degrade classifier performance. To solve this problem, this paper proposes a rough set theory based on a fuzzy uncertainty measure and a feature extraction method, CFS-FR, based on symmetric uncertainty theory, which considers both the correlation between features and the relationship between features and classification labels, and can guarantee an approximate feature set without changing the classification effect.

Secondly, for the problem of class imbalance and high false positive rate, this paper proposes a multi-layer hybrid intrusion detection method, which combines misuse detection and anomaly detection to improve detection performance. First, misuse detection is used to classify the data and filter out the normal traffic, which alleviates the class imbalance between normal traffic and anomalies and reduces the complexity of model training. All minority attack classes are then combined and regarded as one class, and the majority attack classes and the combined minority attack class are identified by the anomaly detection method DNN, which reduces the class imbalance between the majority attack classes and the minority attack classes. Using both misuse and anomaly detection to identify normal traffic reduces the false positive rate of normal traffic. Next, the Borderline-SMOTE method is used to oversample within the combined minority attack classes, completing the class imbalance processing among the minority classes, and the unsupervised algorithm One-Class-SVM is used to perform multi-class classification of the minority classes. The method improves the detection rate of attacks through hierarchical class imbalance processing and training detection.

Finally, experiments are conducted on the NSL-KDD and UNSW-NB15 datasets to compare the feature selection algorithm and the classification method proposed in this paper with algorithms of the same type.
Keywords/Search Tags:Intrusion Detection, Misuse Detection, Anomaly Detection, Feature Selection, Class Imbalance
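
The abstract says CFS-FR weighs feature-to-feature correlation against feature-to-label relevance using symmetric uncertainty. The sketch below is an added example, not the thesis's CFS-FR: it shows only the standard symmetric uncertainty measure driving a greedy relevance/redundancy filter, leaves out the fuzzy rough set measure, and uses constructed sample columns and assumed thresholds.

```python
import math
from collections import Counter

def entropy(values):
    """Shannon entropy (bits) of a discrete sequence."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def symmetric_uncertainty(x, y):
    """SU(X,Y) = 2*I(X;Y) / (H(X)+H(Y)); 0 = independent, 1 = fully dependent."""
    hx, hy = entropy(x), entropy(y)
    if hx + hy == 0:
        return 0.0  # both columns constant: nothing to share
    mutual_info = hx + hy - entropy(list(zip(x, y)))
    return 2.0 * mutual_info / (hx + hy)

def select_features(columns, labels, relevance_min=0.1, redundancy_max=0.9):
    """Keep label-relevant features, skipping ones redundant with a kept feature.
    Both thresholds are assumed values for illustration."""
    relevance = {n: symmetric_uncertainty(v, labels) for n, v in columns.items()}
    kept = []
    for name in sorted(columns, key=relevance.get, reverse=True):
        if relevance[name] < relevance_min:
            continue  # tells us almost nothing about the class label
        if any(symmetric_uncertainty(columns[name], columns[k]) > redundancy_max
               for k in kept):
            continue  # duplicates information already selected
        kept.append(name)
    return kept

# Constructed sample: eight discretised flow records, not taken from a real dataset.
LABELS = ["normal"] * 4 + ["dos"] * 4
COLUMNS = {
    "flag": ["SF"] * 4 + ["S0"] * 4,                      # tracks the label exactly
    "flag_copy": ["ok"] * 4 + ["half_open"] * 4,          # same signal, renamed values
    "service": ["http", "http", "http", "dns", "http", "private", "private", "private"],
    "protocol": ["tcp", "udp"] * 4,                       # independent of the label
}

if __name__ == "__main__":
    for name, col in COLUMNS.items():
        print(f"{name:10s} SU with label = {symmetric_uncertainty(col, LABELS):.3f}")
    print("selected:", select_features(COLUMNS, LABELS))
```

Continuous features such as byte counts need to be discretised before this measure applies.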