Hu Weiming, Hu Wei, Maybank Steve
National Laboratory of Pattern Recognition, Institute of Automation, Chinese Academy of Sciences, Beijing, China.
IEEE Trans Syst Man Cybern B Cybern. 2008 Apr;38(2):577-83. doi: 10.1109/TSMCB.2007.914695.
Network intrusion detection aims at distinguishing the attacks on the Internet from normal use of the Internet. It is an indispensable part of the information security system. Due to the variety of network behaviors and the rapid development of attack fashions, it is necessary to develop fast machine-learning-based intrusion detection algorithms with high detection rates and low false-alarm rates. In this correspondence, we propose an intrusion detection algorithm based on the AdaBoost algorithm. In the algorithm, decision stumps are used as weak classifiers. The decision rules are provided for both categorical and continuous features. By combining the weak classifiers for continuous features and the weak classifiers for categorical features into a strong classifier, the relations between these two different types of features are handled naturally, without any forced conversions between continuous and categorical features. Adaptable initial weights and a simple strategy for avoiding overfitting are adopted to improve the performance of the algorithm. Experimental results show that our algorithm has low computational complexity and error rates, as compared with algorithms of higher computational complexity, as tested on the benchmark sample data.
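The approach described in the abstract, as an added sketch that is not the authors' code: AdaBoost over decision stumps, where categorical features get value-vs-rest tests and continuous features get threshold tests, all combined in one weighted vote. The sample connections, the feature names, the value-vs-rest rule and the parameter `r` for class-dependent initial weights are assumptions made for illustration; the paper's overfitting safeguard is not shown.

```python
import math

# Constructed sample (not from the paper): (protocol, flag, count) -> +1 normal / -1 attack.
# A connection is an attack when at least two of {icmp, S0, high count} hold,
# so no single feature, categorical or continuous, classifies it alone.
X = [("icmp", "S0", 1), ("tcp", "SF", 2), ("tcp", "S0", 3), ("icmp", "SF", 4),
     ("icmp", "S0", 200), ("udp", "S0", 250), ("icmp", "SF", 300), ("udp", "SF", 400)]
Y = [-1, 1, 1, 1, -1, -1, -1, 1]

def candidates(X, f):
    """Stump tests for feature f: value-vs-rest if categorical, midpoint thresholds if continuous."""
    vals = sorted({x[f] for x in X})
    if isinstance(vals[0], str):
        return [("cat", f, v) for v in vals]
    return [("num", f, (a + b) / 2) for a, b in zip(vals, vals[1:])]

def stump(s, x):
    """Apply a stump (kind, feature, test, sign): sign when the test holds, else -sign."""
    kind, f, t, sign = s
    hit = x[f] == t if kind == "cat" else x[f] <= t
    return sign if hit else -sign

def train(X, Y, rounds=3, r=0.5):
    # Assumed form of the initial weights: normal samples share r, attacks share 1 - r.
    w = [r / Y.count(1) if y == 1 else (1 - r) / Y.count(-1) for y in Y]
    model = []
    for _ in range(rounds):
        pool = [(k, f, t, sg) for j in range(len(X[0]))
                for k, f, t in candidates(X, j) for sg in (1, -1)]
        # Weighted error of every stump; keep the first one with the lowest error.
        errs = [sum(wi for wi, x, y in zip(w, X, Y) if stump(s, x) != y) for s in pool]
        err, best = min(zip(errs, pool), key=lambda p: p[0])
        err = min(max(err, 1e-10), 1 - 1e-10)          # keep alpha finite
        alpha = 0.5 * math.log((1 - err) / err)
        model.append((alpha, best))
        # Raise the weight of misclassified samples, lower the rest, renormalise.
        w = [wi * math.exp(-alpha * y * stump(best, x)) for wi, x, y in zip(w, X, Y)]
        total = sum(w)
        w = [wi / total for wi in w]
    return model

def predict(model, x):
    """Strong classifier: sign of the alpha-weighted vote of all stumps."""
    return 1 if sum(a * stump(s, x) for a, s in model) >= 0 else -1

MODEL = train(X, Y)
```

After three rounds the vote combines two categorical stumps and one threshold stump and separates the constructed sample, whereas the single best stump from round one still labels `("udp", "S0", 250)` as normal.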