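Abstract: To address the real-time problem in intrusion detection, an efficient intrusion detection model based on the condensed nearest neighbor rule is proposed. The model can be used to reduce the training set, thereby speeding up the training and detection of the intrusion detection system and improving its real-time performance. To verify the model's training-set reduction and detection performance, experiments were carried out on the well-known public KDD CUP99 dataset, and the detection results and detection time of the method were compared with those of other intrusion detection methods. The results show that the model improves the real-time performance of intrusion detection while greatly reducing the size of the training set and maintaining good detection performance, making it an efficient intrusion detection model.
Keywords: condensed nearest neighbor rule; repeated edited nearest neighbor rule; intrusion detection; training set reduction; real-time performance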
Highly effective intrusion detection model adopting condensed nearest neighbor rules
JIA Wei-feng1, DU Bao-jian1, TONG Bin2, ZHANG Feng-li2
(1. Anyang Normal University, Anyang, Henan 455000, China; 2. School of Computer Science & Engineering, University of Electronic Science & Technology of China, Chengdu 610054, China)
Abstract: To address the real-time problem in intrusion detection, this paper proposes a highly effective intrusion detection model adopting condensed nearest neighbor rules, named IDMCNN. IDMCNN can be used for training set reduction, which speeds up training and detection in the IDS and improves its real-time capability. To verify the performance of IDMCNN in training set reduction and intrusion detection, experiments were performed on the well-known public dataset KDD CUP99, and the detection performance and time consumption of the proposed model were compared with those of other existing approaches. The results demonstrate that IDMCNN is a highly effective intrusion detection model that maintains detection performance with high real-time capability even when the size of the training set has been substantially reduced.......
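The training-set reduction step the abstract refers to can be illustrated with the classic condensed nearest neighbor rule (Hart's algorithm). This is an added example, not the paper's IDMCNN code; the two-feature records, the labels `normal`/`dos`/`probe`, and all function names are constructed for illustration and are not KDD CUP99 data.

```python
import random

def sq_dist(a, b):
    """Squared Euclidean distance between two feature vectors."""
    return sum((x - y) ** 2 for x, y in zip(a, b))

def nn_label(store, x):
    """Label of the stored sample nearest to x (1-NN rule)."""
    return min(store, key=lambda s: sq_dist(s[0], x))[1]

def condense(train):
    """Condensed nearest neighbor rule: keep only the samples needed so
    that 1-NN over the kept set classifies every training sample correctly."""
    store, kept = [train[0]], {0}
    changed = True
    while changed:                      # repeat passes until nothing is added
        changed = False
        for i, (x, y) in enumerate(train):
            if i in kept:
                continue
            if nn_label(store, x) != y: # misclassified by current store
                store.append((x, y))
                kept.add(i)
                changed = True
    return store

def make_constructed_set(n_per_class=200, seed=7):
    """Constructed sample data: three Gaussian clusters standing in for
    normalized connection features of three traffic classes."""
    rng = random.Random(seed)
    centers = {"normal": (0.2, 0.1), "dos": (0.9, 0.8), "probe": (0.1, 0.9)}
    data = [((rng.gauss(cx, 0.08), rng.gauss(cy, 0.08)), label)
            for label, (cx, cy) in centers.items()
            for _ in range(n_per_class)]
    rng.shuffle(data)
    return data

def training_errors(store, train):
    """Number of training samples the condensed set misclassifies."""
    return sum(nn_label(store, x) != y for x, y in train)

TRAIN = make_constructed_set()
STORE = condense(TRAIN)

if __name__ == "__main__":
    print(f"training set: {len(TRAIN)} samples, condensed set: {len(STORE)}")
    print(f"training errors with condensed set: {training_errors(STORE, TRAIN)}")
```

Each 1-NN query now scans only the condensed set, so detection cost drops with the size of the retained set while the training data remains consistently classified.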