摘要
随着SDN网络应用的推广,SDN网络的安全也越来越受到重视,基于模式识别的网络入侵检测由于无法一次性收集完备的训练数据集,使得对未知的入侵行为识别率不高。为提高入侵检测系统的自适应性,提出了增量集成学习算法,并用该算法解决SDN入侵检测问题。该算法利用滑动窗口法获得数据块,对新的数据块进行训练获得子分类器,然后依据在历史数据块和当前数据块的分类结果筛选子分类器进行集成,使得分类模型不断完善从而能够自适应的识别未知攻击行为。通过在NSL-KDD数据集上的实验结果可以看到,该算法可以提高未知攻击的识别率。
With the popularization of SDN network application,the security of SDN network has been paid more and more attention.Because the network intrusion detection method based on pattern recognition cannot collect complete training dataset at one time,the recognition rate of intrusion detection model for unknown intrusion behavior is not high.In order to improve the adaptability of intrusion detection system,this paper proposes an incremental ensemble learning algorithm and uses it to solve the problem of SDN intrusion detection.The proposed algorithm uses sliding window method to obtain data blocks and trains data blocks to obtain sub classifiers.Then it selects sub-classifiers according to the classification results of historical data blocks and current data blocks for integration,so that the classification model is constantly improved and can identify unknown attack behavior adaptively.The experimental results on the NSL-KDD dataset show that the algorithm can improve the recognition rate of unknown attacks.
作者
陈昌娜
李昭桦
CHEN Chang-na;LI Zhao-hua(Guangzhou Power Supply Bureau Co.,Ltd.,Guangzhou,Guangdong 510600,China;Guangdong Electric Power Design Institute Co.,Ltd.,China Energy Construction Group,Guangzhou,Guangdong 510600,China)
出处
《计算技术与自动化》
2021年第3期177-183,共7页
Computing Technology and Automation
基金
广州供电局有限公司科技项目(GZHKJXM20170117)。
关键词
增量学习
集成学习
入侵检测
软件定义网络
incremental learning
ensemble learning
intrusion detection
software defined network
