Liu Jia, Yinchai Wang, Siong Teh Chee, Li Xinjin, Zhao Liping, Wei Fengrui
Faculty of Computer Science and Technology, University Malaysia Sarawak, 89007, Sarawak, Malaysia.
School of Big Data, Weifang Institute of Technology, Weifang, 262500, China.
Sci Rep. 2022 Dec 1;12(1):20770. doi: 10.1038/s41598-022-23765-x.
To generate an interpretable deep architecture for identifying deep intrusion patterns, this study proposes an approach that combines ANFIS (Adaptive Network-based Fuzzy Inference System) and DT (Decision Tree) to interpret the deep patterns of intrusion detection. To improve the efficiency of training and prediction, Pearson correlation analysis, standard deviation, and a new adaptive K-means are used to select attributes and make fuzzy interval decisions. The proposed algorithm was trained, validated, and tested on the NSL-KDD (National security lab-knowledge discovery and data mining) dataset. Using 22 attributes that are highly related to the target, the proposed method achieves a 99.86% detection rate and a 0.14% false alarm rate on the KDDTrain+ dataset and a 77.46% detection rate on the KDDTest+ dataset, which is better than many classifiers. In addition, the interpretable model can help us demonstrate the complex and overlapping patterns of intrusions and analyze the patterns of various intrusions.