Citation: SHEN Yanping, WU Chunhua, LUO Jie, GAO Fangping. KNN Intrusion Detection Model Based on Meta-optimization[J]. Journal of Beijing University of Technology, 2020, 46(1): 24-32. DOI: 10.11936/bjutxb2018100005
To improve the performance of KNN-based intrusion detection, a KNN intrusion detection model is proposed that uses meta-optimization, based on a local search algorithm, for feature weighting. The differential evolution algorithm optimizes the feature weights, and LUS-based meta-optimization is used to optimize the differential evolution itself. Experiments were carried out on the NSL dataset. The proposed model was compared with models optimized by other commonly used heuristic algorithms, including GA, PSO and GWO. The results show that, compared with traditional KNN, the proposed method improves accuracy by 2.86%, increases the detection rate by 3.18% and reduces the false positive rate by 50%. Optimization based on meta-optimization outperforms the other commonly used optimization algorithms.
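The three layers named in the abstract (feature-weighted KNN, differential evolution over the weights, and a local search over the DE parameters) can be sketched as follows. This is an added example, not the authors' code. It assumes constructed data, a DE/rand/1/bin variant, leave-one-out accuracy as the fitness, and a simplified LUS-style step with an assumed shrink factor; all function names are hypothetical.

```python
import random

def make_data(rng, n=40):
    # Constructed sample: feature 0 separates normal (0) from attack (1); 1-2 are noise.
    return [([rng.gauss(i % 2, 0.3), rng.gauss(0, 3), rng.gauss(0, 3)], i % 2)
            for i in range(n)]

def knn_accuracy(w, data, k=3):
    # Leave-one-out accuracy of KNN under a feature-weighted squared distance.
    hits = 0
    for i, (x, y) in enumerate(data):
        near = sorted((sum(wj * (a - b) ** 2 for wj, a, b in zip(w, x, z)), lab)
                      for j, (z, lab) in enumerate(data) if j != i)[:k]
        hits += (2 * sum(lab for _, lab in near) > k) == (y == 1)
    return hits / len(data)

def de_weights(data, F, CR, rng, pop_size=8, gens=8):
    # DE/rand/1/bin over weights in [0, 1]; member 0 starts as all-ones (plain KNN).
    dim = len(data[0][0])
    pop = [[1.0] * dim] + [[rng.random() for _ in range(dim)] for _ in range(pop_size - 1)]
    fit = [knn_accuracy(w, data) for w in pop]
    for _ in range(gens):
        for i in range(pop_size):
            a, b, c = rng.sample([p for j, p in enumerate(pop) if j != i], 3)
            jr = rng.randrange(dim)  # at least one dimension always crosses over
            trial = [min(1.0, max(0.0, a[d] + F * (b[d] - c[d])))
                     if rng.random() < CR or d == jr else pop[i][d] for d in range(dim)]
            f = knn_accuracy(trial, data)
            if f >= fit[i]:  # greedy selection: fitness never decreases
                pop[i], fit[i] = trial, f
    best = max(range(pop_size), key=fit.__getitem__)
    return pop[best], fit[best]

def lus_tune(data, rng, iters=5, shrink=0.7):
    # Assumed LUS-style meta-level: perturb (F, CR) nearby, shrink the range on failure.
    params, width = [0.5, 0.5], 0.5
    best_w, best_f = de_weights(data, *params, rng)
    for _ in range(iters):
        cand = [min(1.0, max(0.05, p + rng.uniform(-width, width))) for p in params]
        w, f = de_weights(data, *cand, rng)
        if f > best_f:
            params, best_w, best_f = cand, w, f
        else:
            width *= shrink
    return params, best_w, best_f

def run_demo(seed=7):
    rng = random.Random(seed)
    data = make_data(rng)
    params, w, tuned = lus_tune(data, rng)
    return knn_accuracy([1.0] * 3, data), tuned, params, w
```

On real traffic the fitness should be scored on a held-out validation split rather than on the training rows, and false positive rate should be tracked alongside accuracy, since the abstract reports both.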