一种基于信息论模型的入侵检测特征提取方法

An Intrusion Detection Feature Extraction Method Based on Information Theory Model

  • 摘要: 在网络入侵检测中,由于原始数据特征维度高和冗余特征多,导致入侵检测系统的存储负担增加,检测分类器性能降低。针对该问题本文提出了一种基于信息论模型的入侵检测特征提取方法。它以具有最大信息增益的特征为搜索起点,利用搜索策略和评估函数迭代调整数据集分类标记、已选取特征子集和候选特征三者之间的相关度,最后通过终止条件确定选取特征子集。以入侵检测样本数据集为实验数据,将该方法选取的特征向量运用到支持向量机分类算法中,在特征维度大幅度降低的情况下,检测精度变化很小。实验结果证明了本方法的有效性。

     

    Abstract: In the network intrusion detection, because of the high dimensionality and redundant features of the original data, the storage burden of the intrusion detection system is increased, and the performance of the classifier is reduced. Aiming at this problem, this paper proposes an intrusion detection feature extraction method based on information theory model. The method starts with the feature of maximum information gain, and then iteratively adjusts the correlation among the classification mark of the data set, selected feature subset and candidate feature by search strategies and evaluation functions. Finally, the feature subset is determined by terminating conditions. In the experiment, we chose sample dataset for intrusion detection as the experimental data, and apply feature vector selected by the method to the support vector machine classification algorithm. It is found that the detection accuracy is almost unchanged, in the case that the dimension of the feature is greatly reduced. The results show the validity of the method.

     

/

返回文章
返回