| With the emergence of network penetration attacks, the problem of network security is becoming increasingly prominent, in order to detect network penetration attack effectively, based on swarm intelligence theory, this paper proposes two attack detection methods from two different angles:attack detection method based on ant colony classification rule mining algorithm; attack detection method based on the chaos ant colony algorithm for classification. These two methods are both inspired by foraging process of the ant colony, to conduct data mining in the attack data set, this paper simulate the multiple artificial intelligence ants.The purpose of the first approach is to mine classification rules, and then conduct pattern matching, thus attack behavior can be detected. It regards the conditions of the classification rules as the route of ants foraging, and the final classification categories as food source which ants search for, the whole data set as the searching space of the ant colony, and the search space is two-dimensional and discrete. A classification rule is considered as a path from the nest to food source, through continuous iteration, eventually, multiple classification rules of each category are mined by ant colony. This article firstly build the model, make the process, design related functions of the detection method, and then conduct data mining in the attack dada set. The experimental results show that the method can find classification rules of high quality.The goal of the second method is to find the center of each category, and then calculate the similarity between the new samples and the category centers, each new sample is classified into the category which has the highest similarity with the sample, thus detect attack behaviors. This method fully considers the autonomous behavior and organizational behavior of the ants, so the ants are able to search the global optimal solution. In this method, the whole data set space is viewed as the searching space of ant colony, and the searching space is multidimensional and continuous. The final category centers is regarded as food source which ants hunt for, through iterative searching, eventually, the whole ant colony converges to the optimal category center of each class. This paper firstly construct the model, design the process of the detection method, optimize each category center, and then search the attack data set. The experimental results demonstrate that the means is able to seek out representative category centers.The above two methods appropriately conduct the analogy between ant colony foraging and attack detection, and then build the models of attack detection from two different perspectives, thus the ant colony algorithm is flexibly applied to attack detection. In the process of experiment, after a series of pretreatment of the existing acknowledged data set in network attack, conduct data mining with the above two methods. After finding classification rules or category centers, pattern matching or similarity calculation is implemented respectively, and finally the results of attack detection are got. In order to carry out comparative analysis of experimental results between these two methods and other related algorithms, a series of evaluation functions are set up. Experimental results show that the proposed two approaches can effectively detect network penetration attack, and each has focus on different attack types. In addition, compared with some other relative algorithms, these two kinds of methods have significant improvement in terms of attack detection effect. |
PDF Full Text Request