Research On Network Intrusion Detection Method Based On Selestive Ensemble Learning

With the continuous improvement of network security risk factor, served as the main means of security precaution, the firewall can no longer meet the demand for network security. As a useful complement to firewall, intrusion detection system can help quickly identify network attacks network occur. In recent years, network intrusion detection technology has been rapid development, but its theoretical foundation is still not perfect, there exist many problems, for example, low detection rate to new attack, high time complexity, and poor generalization in practical applications, in order to solve the existing problems of intrusion detection system,we use the thought of machine learning to research network intrusion detection technology, and design a network intrusion detection method based on selective ensemble learning methods.Selective ensemble learning can reduce the systems’ cost of computing and storage and improve the systems’ generalization capability at the same time. So we use selective ensemble learning to detect network intrusions. First, consider problem of train base learners, propose a decision tree algorithm based on dependency decision entropy called DTDDE; secondly, consider the base learners’ selection and integration problems, a new selective ensemble learning algorithm based on the decision tree, called SELDT is proposed, algorithm SELDT uses DTDDE to train the base learners, and by Q-statistics to calculate the degree of difference between the base learners. Third, consider the application of selective ensemble learning in network intrusion detection, namely the use of algorithm SELDT to detect network intrusion, to construct a new intrusion detection method. The method can effectively improve the detection performance of the system, and at the same time, not increase the intrusion detection system modeling time,The main work of this paper includes the following aspects:(1) Propose a decision tree algorithm based on dependency decision entropy,called DTDDE. For traditional decision tree algorithm based on information entropy have some common problems, this paper propose the concept of a dependency decision entropy. What’s more, this paper use the dependency decision entropy to calculate the attribute importance. Then design and entropy is calculated using dependent decision attribute importance to design a decision tree algorithm DTDDE based on dependency decision entropy. Through experiments on multiple UCI data sets show that, compared with the existing decision tree algorithm, the proposed algorithm DTDDE can get better classification performance.(2) Propose a new selective ensemble classification algorithm based on decision tree, called SELDT. Obtain multiple training sets by sampling with replacement on original data set, respectively, use the decision tree classification algorithm DTDDE in(1) to train a base learner on each training set, and use Q-statistics to calculation the difference degree between the learners. Finally, select the largest difference degree between the M base learners to build ensemble learner. Our experiments on real data sets demonstrate the effectiveness of algorithm SELDT.(3) Apply the selective ensemble classification algorithm proposed by(2) to intrusion detection, thereby obtaining a new intrusion detection method based on selective ensemble learning. In order to distinguish network intrusions and normal behavior effectively, the method use algorithm DTDDE to train the base learner, and use algorithm SELDT to build ensemble learner. we used the KDD Cup 99 data set which is widely used in network security area to verify the effectiveness of this method and compare with the traditional method, new proposed method in this paper can have a better intrusion detection effect.