An intrusion detection method based on multi-dimensional optimization of traffic anomaly analysis

Xinqian Liu, Chun Shan*, Jiadong Ren, Qian Wang, Jiawei Guo

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

6 Citations (Scopus)

Abstract

In detecting and preventing various network anomaly behaviors, intrusion detection systems face the problem of low accuracy and a high false alarm rate due to massive, high-dimensional traffic data. An intrusion detection method based on multi-dimensional optimization of traffic anomaly analysis is proposed, in which both the horizontal and vertical dimensions of the intrusion detection dataset are optimized. In horizontal dimension optimization, categories with a large number of samples are sampled, and the optimal sampling proportion parameter for each category is obtained by a genetic algorithm, thereby accomplishing data equalization. In vertical dimension optimization, combined with correlation analysis between the features and the label, a recursive feature addition algorithm is adopted to select features, and the average recall is proposed to evaluate the effect of feature selection. A low-dimensional, highly efficient training dataset is thus obtained. Based on the optimized intrusion detection dataset, a random forest classifier is trained, and the real dataset UNSW_NB15 is used to evaluate and validate the proposed method. Compared with other algorithms, the proposed algorithm has high accuracy and a low false alarm rate, and achieves an effective recall rate on the attack category.

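Translated title of the contribution: An intrusion detection method based on multi-dimensional optimization of traffic anomaly analysis
Original language: Traditional Chinese
Pages (from-to): 14-26
Number of pages: 13
Journal: Journal of Cyber Security
Volume: 4
Issue number: 1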
DOI
Publication status: Published - 2019

Keywords

  • data sampling
  • genetic algorithm parameter optimization
  • intrusion detection framework
  • multi-dimensional optimization
  • random forest
  • recursive features addition
