基于模糊理论与关联规则的入侵检测模型

doi:10.11959/j.issn.1000-0801.2019077

电信科学 ›› 2019, Vol. 35 ›› Issue (5): 59-69.doi: 10.11959/j.issn.1000-0801.2019077

基于模糊理论与关联规则的入侵检测模型

章坚武¹,黄佳森¹,周迪²

¹ 杭州电子科技大学，浙江杭州 310018
² 浙江宇视科技有限公司，浙江杭州 310018

修回日期:2019-05-01 出版日期:2019-05-20 发布日期:2019-05-21
作者简介:章坚武（1961- ），男，杭州电子科技大学通信工程学院教授、博士生导师，主要研究方向为移动互联网、多媒体通信技术、网络安全等。|黄佳森（1992- ），男，杭州电子科技大学通信工程学院硕士生，主要研究方向为数据挖掘、网络安全等。|周迪（1975- ），男，浙江宇视科技有限公司高级工程师、宇视研究院院长，主要研究方向为视频安全、人工智能等。
基金资助:
国家自然科学基金资助项目(61772162);国家自然科学基金资助项目(U1866209);国家重点研发计划经费资助项目(2016YFB0800201);浙江省自然科学基金资助项目(LY16F020016)

Intrusion detection model based on fuzzy theory and association rules

Jianwu ZHANG¹,Jiasen HUANG¹,Di ZHOU²

¹ Hangzhou Dianzi University,Hangzhou 310018,China
² Zhejiang Uniview Technologies Co.,Ltd.,Hangzhou 310018,China

Revised:2019-05-01 Online:2019-05-20 Published:2019-05-21
Supported by:
The National Natural Science Foundation of China(61772162);The National Natural Science Foundation of China(U1866209);The National Key Research Development Program of China(2016YFB0800201);The Natural Science Foundation of Zhejiang Province of China(LY16F020016)

摘要/Abstract

摘要：

利用 BV-Apriori 算法生成匹配规则库，引入模糊集合技术解决连续型数据划分过程中边界过硬的问题，完成特征之间关系的实时分析与规则库的更新，搭建入侵检测BVA-IDS（Boolean vector Apriori-intrusion detection system）模型。研究结果表明，相比顺序生成频繁项集的Apriori算法与已有文献的Apriori-BR算法，本文的BV-Apriori算法挖掘效率显著地提高；相比已有文献的检测模型，本文的BVA-IDS模型在入侵检测指标上表现较好，有较高的检测准确性与较低的误检率和漏检率。

关键词: 入侵检测, Apriori算法, 布尔向量, 模糊理论

Abstract:

An intrusion detection model based on fuzzy theory and improved Apriori algorithm was proposed.The BV-Apriori algorithm was used to generate the matching rule base,and the problem of excessive boundary in the continuous data partitioning process was solved by fuzzy set technology.The real-time analysis of the relationship between features and the update of the rule base were completed,and the intrusion detection model BVA-IDS (Boolean vector Apriori-intrusion detection system) was built.The results show that the mining efficiency of the BV-Apriori algorithm is significantly improved when compared with the existing Apriori-BR algorithm,in addition,the BVA-IDS model also performs well on intrusion detection indicators with high detection accuracy,and low false positive rate and false negative rate.

Key words: intrusion detection, Apriori algorithm, Boolean vector, fuzzy theory

中图分类号:

TP393

章坚武,黄佳森,周迪. 基于模糊理论与关联规则的入侵检测模型[J]. 电信科学, 2019, 35(5): 59-69.

Jianwu ZHANG,Jiasen HUANG,Di ZHOU. Intrusion detection model based on fuzzy theory and association rules[J]. Telecommunications Science, 2019, 35(5): 59-69.

图/表 10

表1

图1

表2

图2

图3

图4

表3

表4

表5

图5

参考文献 14

[1]	DENNING D E . An intrusion-detection model[J]. IEEE Transactions on Software Engineering, 1987,SE-13(2): 222-232.
[2]	AGRAWAL R , IMIELINSKI T , SWAMI A N . Mining association rules between sets of items in large databases[C]// The 1993 ACM SIGMOD International Conference on Management of Data,May 26-28,1993,New York,USA. New York:ACM Press, 1993: 207-216.
[3]	AGRAWAL R , SRIKANT R . Fast algorithms for mining association rules[M]. New York: ACM PressPress, 1994: 487-499.
[4]	ADITYA S P , HEMANTH M , LAKSHMIKANTH C K ,et al. Effective algorithm for frequent pattern mining[C]// International Conference on IoT and Application,May 19-20,2017,Nagapattinam,India. Piscataway:IEEE Press, 2017.
[5]	LI L , LI Q , WU Y ,et al. Mining association rules based on deep pruning strategies[J]. Wireless Personal Communications, 2018(2): 1-25.
[6]	XIAO M , YIN Y , ZHOU Y ,et al. Research on improvement of apriori algorithm based on marked transaction compression[C]// Advanced Information Technology,Electronic and Automation Control Conference,March 25-26,2017,Chongqing,China. Piscataway:IEEE Press, 2017: 1067-1071.
[7]	黄玉蕾, 罗晓霞, 林青 . 基于位运算和倒排索引的关联规则挖掘算法[J]. 电信科学, 2015,31(11): 81-86.
	HUANG Y L , LUO X X , LIN Q . An association rule mining scheme based on bit operation and reverse index[J]. Telecommunications Science, 2015,31(11): 81-86.
[8]	CHANA G Y , CHUAA F F , LEEB C S . Fuzzy association rules vs fuzzy associative patterns in defending against Web service attacks[C]// International Conference on Fuzzy Systems and Knowledge Discovery,August 13-15,2016,Changsha,China. Piscataway:IEEE Press, 2016: 524-529.
[9]	张春琴, 谢立春 . 云环境中改进 FCM 和规则参数优化的网络入侵检测方法[J]. 电信科学, 2018,34(1): 72-79.
	ZHANG C Q , XIE L C . Network intrusion detection method based on improved FCM and rule parameter optimization in cloud environment[J]. Telecommunications Science, 2018,34(1): 72-79.
[10]	JIAO W , LI Q . Anomaly detection based on fuzzy rules[J]. International Journal of Performability Engineering, 2018,14(2): 376-385.
[11]	MABU S , CHEN C , LU N ,et al. An intrusion-detection model based on fuzzy class-association-rule mining using genetic network programming[J]. IEEE Transactions on Systems Man ＆Cybernetics Part C, 2010,41(1): 130-139.
[12]	高妮, 高岭, 贺毅岳 ,等. 基于自编码网络特征降维的轻量级入侵检测模型[J]. 电子学报, 2017(3): 730-739.
	GAO N , GAO L , HE Y Y ,et al. A lightweight intrusion detection model based on auto encoder network with feature reduction[J]. Acta Electronica Sinica, 2017(3): 730-739.
[13]	KUMAR S . Classification and detection of computer intrusions[D]. West Lafayette:Purdue University, 1995.
[14]	MADBOULY A I , GODY A M , BARAKAT T M . Relevant feature selection model using data mining for intrusion detection system[J]. International Journal of Engineering Trends ＆Technology, 2014,9(10): 804-811.

TID	事务项集
001	I₁，I₂，I₃，I₅，I₆，I₁₁
002	I₁，I₃，I₇
003	I₅，I₉
004	I₁，I₃，I₄，I₅，I₇
005	I₁，I₃，I₅，I₇，I₁₁
006	I₅，I₁₀
007	I₁，I₂，I₃，I₅，I₆
008	I₁，I₄
009	I₁，I₃，I₅，I₇
010	I₁，I₅，I₈，I₉

项（布尔向量）	I₅（Z₄）	I₃（Z₃）	I₁（Z₂）	I₇（Z₁）
对应频繁项集：支持数	{I₅}：8	{I₁}：8	{I₃}：6	{I₇}：4
		{I₁，I₅}：6	{I₃，I₁}：6	{I₇，I₃}：4
			{I₃，I₅}：5	{I₇，I₁}：4
			{I₃，I₁，I₅}：5	{I₇，I₃，I₁}：4
				{I₇，I₅}：3
				{I₇，I₃，I₅}：3
				{I₇，I₁，I₅}：3
				{I₇，I₃，I₁，I₅}：3

检测指标		模型类别
检测指标	BVA-IDS	Crisp DM	Fuzzy DM
DR	96.38%	90.30%	94.40%
FPR	5.15%	10.30%	7.20%
FNR	3.11%	9.50%	5.00%

检测指标		模型类别
检测指标	BVA-IDS	Crisp DM	Fuzzy DM
DR	98.99%	98.30%	98.70%
FPR	0.40%	0.67%	0.53%
FNR	3.01%	5.00%	3.75%

模型/指标				数据集
模型/指标		DS1	DS2	DS3	DS4	DS5
AN⁵-SVM	DR	98.23%	94.73%	97.48%	98.31%	96.82%
	FPR	1.225%	4.48%	3.67%	1.71%	3.11%
BVA-IDS	DR	98.39%	95.51%	97.60%	98.57%	97.51%
	FPR	1.09%	3.71%	3.57%	1.46%	2.93%

基于模糊理论与关联规则的入侵检测模型

Intrusion detection model based on fuzzy theory and association rules

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 10

参考文献 14

相关文章 11

Metrics

推荐阅读 0

[1]	沈士根,冯晟,周海平,黄龙军,胡珂立,曹奇英. 基于云计算和动态贝叶斯博弈的WSN恶意程序传播优化抑制方法[J]. 电信科学, 2018, 34(9): 78-86.
[2]	张春琴,谢立春. 云环境中改进FCM和规则参数优化的网络入侵检测方法[J]. 电信科学, 2018, 34(1): 72-79.
[3]	陆婷婷,韩旭. 面向MANET报文丢弃攻击的模糊入侵检测系统[J]. 电信科学, 2016, 32(10): 124-129.
[4]	邱菡,兰巨龙,欧阳峰,张传浩,王艳红. 面向融合网络的广电双向接入网入侵检测系统[J]. 电信科学, 2015, 31(6): 32-38.
[5]	钱亚冠,关晓惠. 网络入侵检测系统中的漂移检测[J]. 电信科学, 2015, 31(3): 67-73.
[6]	徐东亮,张宏莉,张磊,姚崇崇. 模式匹配在网络安全中的研究[J]. 电信科学, 2015, 31(3): 115-123.
[7]	钱亚冠,关晓惠. 网络入侵检测系统中的漂移检测[J]. 电信科学, 2015, 31(3): 2015058-.
[8]	徐东亮,张宏莉,张磊,姚崇崇. 模式匹配在网络安全中的研究[J]. 电信科学, 2015, 31(3): 2015068-.
[9]	黄玉蕾,罗晓霞,林青. 基于位运算和倒排索引的关联规则挖掘算法[J]. 电信科学, 2015, 31(11): 85-90.
[10]	王相林,朱　晨,孙冬梅,李明月,沈清姿. IPv6网络协议中邻居发现安全问题的研究[J]. 电信科学, 2013, 29(7): 43-48.
[11]	王相林,朱晨,孙冬梅,李明月,沈清姿. IPv6网络协议中分段机制安全问题的研究[J]. 电信科学, 2013, 29(10): 108-113.