基于LightGBM的网络入侵检测系统

摘要/Abstract

摘要： 入侵检测系统(intrusion detection system, IDS)是一种能够发现疑似入侵行为并采取相应措施的网络安全设备.现有IDS通常采用传统的常用机器学习算法和简单的深度学习算法，但始终难以避免训练速度慢、准确率不够高的缺点.针对这种情况，提出了一种基于LightGBM算法的网络入侵检测系统，对疑似入侵行为样本进行准确分类，该方法可以对数据进行采样从而极大地减小了数据计算量.使用入侵检测系统的标准数据集KDD99数据集，准确率达到94.7%，训练时间缩短至422s.实验结果表明：基于LightGBM算法的网络入侵检测系统相较于常用算法在取得更高准确率的同时训练模型的速度也提高10倍左右.

关键词: 入侵检测系统, 多分类算法, 基于梯度的单边采样, 互斥特征捆绑, 神经网络

Abstract: Intrusion detection system (IDS) is one class of network security device which can discovered suspected intrusion and take corresponding measures for captured traffic which is suspected of intrusion. The existing IDS is usually based on traditional machine learning or simple deep learning algorithms. However, these are too slow in training phase and has not achieved the expected detetion rate.Under these circumstances, this paper proposes a network IDS based on LightGBM. This algorithm can sample the datas and features, which are much less computationally intensive. In this experiment, the accuracy rate reached 94.7% and the training time was shortened to 422 seconds with KDD99 dataset. The experimental results show that LightGBM is at least ten times faster than the common algorithm in training phase, while the accuracy rate ishigher than the existing algorithms.

Key words: intrusion detection system (IDS), multiclassification algorithm, gradientbased oneside sampling, exclusive feature bundling, neural networks

莫坤王娜李恒吉李朝阳李剑. 基于LightGBM的网络入侵检测系统[J]. 信息安全研究, 2019, 5(2): 152-156.

参考文献

Kenkre P S, Pai A, Colaco L. Real time intrusion detection and prevention system[C]//Proceedings of the 3rd International Conference on Frontiers of Intelligent Computing: Theory and Applications (FICTA) 2014. Cham: Springer, 2015: 405-411 [2] Anderson J P. Computer security threat monitoring and surveillance[R].Co Fort Washington PA:James P. Anderson Company, 1980 [3] Bai Yuebin, Kobayashi H. Intrusion detection systems: technology and development[C]//Advanced Information Networking and Applications, 2003. AINA 2003.17th International Conference on. IEEE, 2003: 710-715 [4] Sabhnani M, Serpen G. Application of Machine Learning Algorithms to KDD Intrusion Detection Dataset within Misuse Detection Context[C]// International Conference on Machine Learning; Models, Technologies and Applications. Las Vegas, Nevada: DBLP, 2003:209-215 [5] Mahmood H A. Network Intrusion Detection System (NIDS) in Cloud Environment based on Hidden Naïve Bayes Multiclass Classifier[J]. Al-Mustansiriyah Journal of Science, 2018, 28(2): 134-142 [6] Nguyen S N, Nguyen V Q, Choi J, et al. Design and implementation of intrusion detection system using convolutional neural network for DoS detection[C]//Proceedings of the 2nd International Conference on Machine Learning and Soft Computing. New York: ACM, 2018: 34-38 [7] Mukkamala S, Janoski G, Sung A. Intrusion detection: support vector machines and neural networks[C]//proceedings of the IEEE International Joint Conference on Neural Networks (ANNIE), St. Louis, MO. 2002: 1702-1707 [8] Osuna E, Freund R, Girosit F. Training support vector machines: an application to face detection[C]//Computer vision and pattern recognition, 1997. Proceedings., 1997 IEEE computer society conference on. IEEE, 1997: 130-136 [9] Zhang Chunlin, Jiang Ju, Kamel M. Intrusion detection using hierarchical neural networks[J]. Pattern Recognition Letters, 2005, 26(6): 779-791 [10] Liu Yuchen, Liu Shengli, Zhao Xing. Intrusion Detection Algorithm Based on Convolutional Neural Network[J]. Beijing LigongDaxueXuebao/transaction of Beijing Institute of Technology, 2017, 37(12):1271-1275 [11] Aslahi-Shahri B M, Rahmani R, Chizari M, et al. A hybrid method consisting of GA and SVM for intrusion detection system[J]. Neural computing and applications, 2016, 27(6): 1669-1676 [12] KeGuolin, Meng Qin, Finley T, et al. Lightgbm: A highly efficient gradient boosting decision tree[C]//Advances in Neural Information Processing Systems.Long Beach, CA: NIPS, 2017: 3146-3154 [13] Jensen T R, Toft B. Graph coloring problems[M]. Hoboken, NJ:John Wiley & Sons, 2011 [14] Lee W, Stolfo S J. A framework for constructing features and models for intrusion detection systems[J]. Acm Transactions on Information & System Security, 2000, 3(4):227-261 [15] Wang Ming, Li Jian. Network Intrusion Detection Model Based on Convolutional Neural Network[J]. Journal of Information Security Research, 2017, 3(11):990-994 [16] Moustafa N, Slay J. The evaluation of Network Anomaly Detection Systems: Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set[J]. Information Security Journal: A Global Perspective, 2016, 25(1-3): 18-31 [17] Polikar R. Ensemble learning[M]//Ensemble machine learning. Boston, MA: Springer, 2012: 1-34 [18] Lee K B, Goo H W. Quantitative Image Quality and Histogram-Based Evaluations of an Iterative Reconstruction Algorithm at Low-to-Ultralow Radiation Dose Levels: A Phantom Study in Chest CT[J]. Korean Journal of Radiology, 2018, 19(1): 119-129 [19] Cheong S, Oh S H, Lee S Y. Support vector machines with binary tree architecture for multi-class classification[J]. Neural Information Processing-Letters and Reviews, 2004, 2(3): 47-51

[1]	范晓霞周安民郑荣锋李孟铭. 基于深度学习的暗网市场命名实体识别研究[J]. 信息安全研究, 2021, 7(1): 37-43.
[2]	张行. 人工智能在手写签字鉴定应用中的研究[J]. 信息安全研究, 2020, 6(7): 622-633.
[3]	张泽樊江伟周南. 基于MEA-LVQ的网络态势预测模型 [J]. 信息安全研究, 2020, 6(6): 0-0.
[4]	王兴凤黄琨茗张文杰. 基于API序列和卷积神经网络的恶意代码检测[J]. 信息安全研究, 2020, 6(3): 212-219.
[5]	杨频潘岳镭贾鹏刘亮. 基于汇编指令词向量特征的恶意软件检测研究[J]. 信息安全研究, 2020, 6(2): 113-121.
[6]	涂闯李历铨. 信息安全视角下手机回收模式研究[J]. 信息安全研究, 2020, 6(1): 67-78.
[7]	吕佩吾葛雅川李楠周彦飞. 基于卷积神经网络的工控协议Modbus TCP 异常检测[J]. 信息安全研究, 2019, 5(7): 635-638.
[8]	张生顺. 基于深度自编码器的网络安全态势预测[J]. 信息安全研究, 2019, 5(7): 644-648.
[9]	李创丰李云龙孙伟. 基于CNN和朴素贝叶斯方法的安卓恶意应用检测算法[J]. 信息安全研究, 2019, 5(6): 470-476.
[10]	刘星. 融合局部语义信息的多模态舆情分析模型[J]. 信息安全研究, 2019, 5(4): 340-345.
[11]	陈华钧耿玉霞叶志权邓淑敏. “知识图谱+深度学习”赋能内容安全[J]. 信息安全研究, 2019, 5(11): 975-980.
[12]	邓旭冉李灵慧唐胜张勇东. 图像内容自动描述技术综述[J]. 信息安全研究, 2019, 5(11): 988-992.
[13]	梁嘉骏. 基于深度学习的人脸安全认证：现状与挑战[J]. 信息安全研究, 2019, 5(11): 1008-1012.
[14]	郗桐金昊徐根炜周金岭. 基于卷积神经网络的Android恶意应用检测方法[J]. 信息安全研究, 2018, 4(8): 715-721.
[15]	王瑞李芯蕊马双斌. 基于PSO-SVR的网络态势预测模型[J]. 信息安全研究, 2018, 4(8): 734-738.