摘要
基于机器学习的网络异常检测方法是入侵检测领域的重要研究内容.传统的机器学习方法需要大量的已标记样本对分类器进行训练,然而已标记样本通常较难获取,导致分类器训练困难;此外单分类器训练面临难以消除的分类偏向性和检测孔洞.针对上述问题,本文提出了一种基于多分类器协同训练的异常检测方法MCAD,该方法利用少量的已标记样本和大量的未标记样本对多个分类器进行协同训练,以减少分类的偏向性和检测孔洞.对比实验采用经典的网络异常检测数据集KDD CUP99对MCAD的异常检测性能进行验证。实验结果表明,MCAD有效地降低了检测器训练代价,提高了网络异常检测性能.
The network anomaly detection method based on machine learning is an important field in the study of intrusion detection. Many labeled samples are needed to train classifiers in the traditional machine learning algorithms, however, usually labeled samples are hard to collect, resulting difficult in the training of classifiers;furthermore, the classification bias and detection holes, facing by single classifier, can hardly be overcome. To solve these problems, in the paper, an anomaly detection method based on the cotraining of multi classifiers MCAD is proposed. In MCAD little number of labeled samples to- gether with many unlabeled samples are employed to cotrain multi classifiers to reduce the classification bias and detection holes. The classical network anomaly detection data set KDD CUP99 is utilized in the comparison experiments to test MCAD, and the results demonstrate that the training cost of MCAD is much reduced, while the network anomaly detection performance is improved.
出处
《四川大学学报(自然科学版)》
CAS
CSCD
北大核心
2012年第2期329-334,共6页
Journal of Sichuan University(Natural Science Edition)
基金
国家自然科学基金(61173159)
四川大学青年教师科研启动基金(2011SCU11086)
关键词
网络安全
入侵检测
异常检测
协同训练
Network security, intrusion detection, anomaly detection, cotraining