[1]汪祖民,王冬昊,梁霞,等.基于DBSCAN_GAN_XGBoost的网络入侵检测方法[J].郑州大学学报(工学版),2022,43(03):44-51.[doi:10.13705/j.issn.1671-6833.2022.03.006]
 Wang Zumin,Wang Donghao,Liang Xia,et al.Network Intrusion Detection Method on DBSCAN_GAN_XGBoost[J].Journal of Zhengzhou University (Engineering Science),2022,43(03):44-51.[doi:10.13705/j.issn.1671-6833.2022.03.006]
点击复制

基于DBSCAN_GAN_XGBoost的网络入侵检测方法()
分享到:

《郑州大学学报(工学版)》[ISSN:1671-6833/CN:41-1339/T]

卷:
43卷
期数:
2022年03期
页码:
44-51
栏目:
出版日期:
2022-04-10

文章信息/Info

Title:
Network Intrusion Detection Method on DBSCAN_GAN_XGBoost
作者:
汪祖民王冬昊梁霞邹启杰秦静高兵
大连大学信息工程学院;辽宁轻工职业学院信息工程系;大连大学软件工程学院;

Author(s):
Wang Zumin; Wang Donghao; Liang Xia; Zou Qijie; Qin Jing; High Soldiers;
School of Information Engineering, Dalian University; Department of Information Engineering, Liaoning Vocational College of Light Engineering; School of Software Engineering, Dalian University;

关键词:
Keywords:
DOI:
10.13705/j.issn.1671-6833.2022.03.006
文献标志码:
A
摘要:
:由于网络异常流量检测中异常流量数据占比不平衡,导致模型不能对稀有攻击类别流量进行充分学习,从而影响模型训练和检测精度。针对这一问题,提出一种基于DBSCAN_GAN_XCBoost 的网络入侵检测模型,该模型在对稀有攻击类样本进行扩充时,着重扩充更容易让机器学习产生混淆的噪声样本。首先,利用DBSCAN算法对提取出的稀有攻击类别数据进行聚类处理,生成一个或多个子簇,并提取出簇内样本和游离在簇外的噪声样本然后,使用生成对抗网络模型对提取出的簇内样本和噪声样本分别进行样本扩充,改变数据集中原有的样本比例最后,使用重新构建后的数据集对以决策树作为基分类器的XGBoost算法进行训练,并完成网络异常流量数据的检测。采用UNSW-NB15数据集进行对比实验,实验结果表明:DBSCAN_GAN_XCBoost模型的准确率和精确率分别为98.76%和96.5% ,比样本扩充前分别提高了15.63百分点和19.60百分点,有效地提高了稀有攻击类别的检测精度。
Abstract:
Due to the unbalanced proportion of abnormal traffic data in network abnormal traffic detection,themodel could not fully learn rare attack traffic,which might affect the model training and detection accuracTo solve this problem, a network intrusion detection model based on DBSCAN_GAN_XCBoost was proposedWhen the model expanded rare attack samples,it focused on the noise samples that could more likely cauconfusion in machinme learning. Firstly ,the DBSCAN algorithm was used to cluster the extracted rare attacdata categories to generate one or more sub-clusters,and then the samples inside the cluster and the noi:samples outside the cluster were extracted. Then , the generative adversarial network model was used to expandthe extracted in-cluster samples and noise samples respectively , and to change the original sample proportioxFinally , the reconstructed data set was used to train the XGBoost algorithm based on decision tree classifieand a complete the detection of abnormal network traffic data. UNSW-NB15 data set was used for comparatiexperiment , and the experimental results showed that the accuracy , and accuracy of DBSCAN_GAN_XGBoostmodel were 98.76% and 96.5% respectively,which were 15.63 percentage points and 19.60 percentitage points higher than that before sample expansion ,and effectively improved the detection accuracy of rare attaccategories.
更新日期/Last Update: 2022-05-02