Journal of Information Security Research (信息安全研究), 2019, Vol. 5, Issue (2): 152-156.

• Academic Paper •

Network Intrusion Detection System Based on LightGBM

莫坤,王娜,李恒吉,李朝阳,李剑   

  1. School of Computer Science, Beijing University of Posts and Telecommunications
  • Received: 2019-02-14 Online: 2019-02-15 Published: 2019-02-14
  • Corresponding author: 莫坤

Network Intrusion Detection System Model Based on LightGBM

  • Received: 2019-02-14 Online: 2019-02-15 Published: 2019-02-14

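Abstract (translated from the Chinese): An intrusion detection system (IDS) is a network security device that can detect suspected intrusions and take corresponding measures. Existing IDSs usually use traditional, commonly used machine learning algorithms and simple deep learning algorithms, but they have consistently been unable to avoid the drawbacks of slow training and insufficient accuracy. To address this, a network intrusion detection system based on the LightGBM algorithm is proposed that accurately classifies samples of suspected intrusion behavior; the method can sample the data, which greatly reduces the amount of computation. On the KDD99 dataset, the standard dataset for intrusion detection systems, the accuracy reaches 94.7% and the training time is shortened to 422 s. The experimental results show that, compared with commonly used algorithms, the LightGBM-based network intrusion detection system achieves higher accuracy while also training the model about 10 times faster.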

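Keywords (translated from the Chinese): intrusion detection system, multi-class classification algorithm, gradient-based one-side sampling, exclusive feature bundling, neural network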

Abstract: An intrusion detection system (IDS) is a class of network security device that can discover suspected intrusions and take corresponding measures for captured traffic suspected of intrusion. Existing IDSs are usually based on traditional machine learning or simple deep learning algorithms. However, these are too slow in the training phase and have not achieved the expected detection rate. Under these circumstances, this paper proposes a network IDS based on LightGBM. This algorithm can sample the data and features, which makes it much less computationally intensive. In this experiment, the accuracy rate reached 94.7% and the training time was shortened to 422 seconds with the KDD99 dataset. The experimental results show that LightGBM is at least ten times faster than the common algorithms in the training phase, while its accuracy rate is higher than that of the existing algorithms.

Key words: intrusion detection system (IDS), multi-classification algorithm, gradient-based one-side sampling, exclusive feature bundling, neural networks