QUICK REVIEW

[Paper Review] An empirical evaluation for the intrusion detection features based on machine learning and feature selection methods

Mouhammd Alkasassbeh|arXiv (Cornell University)|Dec 27, 2017
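Network Security and Intrusion Detection | References: 25 | Cited by: 31
One-sentence summary

This paper uses an MIB dataset to evaluate machine learning and feature selection methods for intrusion detection, applying BayesNet, MLP and SVM together with three feature selection techniques: Infogain, ReliefF and Genetic Search. Genetic Search combined with BayesNet achieved 99.9% accuracy, significantly improving detection performance.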

ABSTRACT

Despite the great developments in information technology, particularly the Internet, computer networks, global information exchange, and its positive impact in all areas of daily life, it has also contributed to the development of penetration and intrusion which forms a high risk to the security of information organizations, government agencies, and causes large economic losses. There are many techniques designed for protection such as firewall and intrusion detection systems (IDS). IDS is a set of software and/or hardware techniques used to detect hacker's activities in computer systems. Two types of anomalies are used in IDS to detect intrusive activities different from normal user behavior. Misuse relies on the knowledge base that contains all known attack techniques and intrusion is discovered through research in this knowledge base. Artificial intelligence techniques have been introduced to improve the performance of these systems. The importance of IDS is to identify unauthorized access attempting to compromise confidentiality, integrity or availability of the computer network. This paper investigates the Intrusion Detection (ID) problem using three machine learning algorithms namely, BayesNet algorithm, Multi-Layer Perceptron (MLP), and Support Vector Machine (SVM). The algorithms are applied on a real, Management Information Based (MIB) dataset that is collected from real life environment. To enhance the detection process accuracy, a set of feature selection approaches is used; Infogain (IG), ReliefF (RF), and Genetic Search (GS). Our experiments show that the three feature selection methods have enhanced the classification performance. GS with BayesNet, MLP and SVM give high accuracy rates, more specifically the BayesNet with the GS accuracy rate is 99.9%.

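Research motivation and objectives

  • Improve the accuracy of intrusion detection systems through machine learning and feature selection.
  • Evaluate the impact of different feature selection methods on IDS performance.
  • Evaluate the effectiveness of BayesNet, MLP and SVM in detecting network intrusions.
  • Identify the best combination of algorithm and feature selection method for high-accuracy detection.
  • Validate the approach on a real-world Management Information Base (MIB) dataset.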

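Proposed method

  • Use three machine learning algorithms: BayesNet, Multi-Layer Perceptron (MLP) and Support Vector Machine (SVM).
  • Apply three feature selection methods, Infogain (IG), ReliefF (RF) and Genetic Search (GS), to reduce dimensionality and improve performance.
  • Train and test on a real MIB dataset collected from an actual network environment.
  • Evaluate the classification performance of every algorithm and feature selection combination, with accuracy as the primary metric.
  • Optimize model performance by selecting the most relevant features that contribute to intrusion detection.
  • Compare the detection accuracy of each algorithm combined with each feature selection method.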
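
As an added illustration (not code from the paper or from this review), the sketch below ranks features by information gain, the criterion behind the Infogain selector listed above, and keeps the top k. The SNMP MIB-II counter names, the sample values and the equal-width binning are assumptions made for the example; the paper's actual feature set and tooling are not shown on this page.

```python
import math
from collections import Counter

def entropy(labels):
    """Shannon entropy (bits) of a list of class labels."""
    n = len(labels)
    return -sum((c / n) * math.log2(c / n) for c in Counter(labels).values())

def info_gain(values, labels, bins=2):
    """H(class) - H(class | feature) after equal-width binning of the feature."""
    lo, hi = min(values), max(values)
    width = (hi - lo) / bins or 1.0          # constant feature -> single bin
    binned = [min(int((v - lo) / width), bins - 1) for v in values]
    cond = 0.0
    for b in set(binned):
        subset = [y for x, y in zip(binned, labels) if x == b]
        cond += len(subset) / len(labels) * entropy(subset)
    return entropy(labels) - cond

def rank_features(rows, labels):
    """Return (feature, gain) pairs, highest information gain first."""
    scores = {f: info_gain([r[f] for r in rows], labels) for f in rows[0]}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

def select_top_k(rows, labels, k):
    """Project every row onto the k highest-ranked features."""
    keep = [f for f, _ in rank_features(rows, labels)[:k]]
    return [{f: r[f] for f in keep} for r in rows]

# Constructed sample: per-interval SNMP counter deltas (assumed feature names).
ROWS = [
    {"icmpInEchos": 2,    "tcpInSegs": 120, "ifOutDiscards": 0},
    {"icmpInEchos": 1,    "tcpInSegs": 340, "ifOutDiscards": 1},
    {"icmpInEchos": 3,    "tcpInSegs": 95,  "ifOutDiscards": 0},
    {"icmpInEchos": 0,    "tcpInSegs": 410, "ifOutDiscards": 1},
    {"icmpInEchos": 950,  "tcpInSegs": 130, "ifOutDiscards": 0},
    {"icmpInEchos": 1200, "tcpInSegs": 360, "ifOutDiscards": 1},
    {"icmpInEchos": 870,  "tcpInSegs": 100, "ifOutDiscards": 1},
    {"icmpInEchos": 1010, "tcpInSegs": 390, "ifOutDiscards": 0},
]
LABELS = ["normal"] * 4 + ["attack"] * 4   # constructed ground truth

if __name__ == "__main__":
    for name, gain in rank_features(ROWS, LABELS):
        print(f"{name:14s} {gain:.3f}")
```

The reduced rows returned by `select_top_k` are what would be passed to a classifier in place of the full feature vector.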

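Experimental results

Research questions

  • RQ1: Which machine learning algorithm (BayesNet, MLP or SVM) achieves the highest detection accuracy in intrusion detection?
  • RQ2: How do the different feature selection methods (IG, RF, GS) affect the performance of an intrusion detection system?
  • RQ3: Which combination of machine learning algorithm and feature selection technique maximizes detection accuracy?
  • RQ4: To what extent does feature selection improve the classification performance of IDS models?
  • RQ5: Does Genetic Search outperform the other feature selection techniques in detection accuracy?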

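Key findings

  • Genetic Search (GS) combined with BayesNet achieved the highest detection accuracy, 99.9%.
  • All three feature selection methods, Infogain, ReliefF and Genetic Search, improved the classification performance of the machine learning models.
  • The combination of BayesNet and Genetic Search performed best among all algorithm and feature selection combinations.
  • Using feature selection techniques significantly improved detection accuracy, confirming their value in IDS.
  • The results show that feature selection is essential for improving the efficiency and accuracy of intrusion detection systems.
  • The MIB dataset effectively reflects real network behavior when evaluating machine-learning-based intrusion detection systems.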


This review was generated by AI and reviewed by human editors.