Network Intrusion Detection Using Knapsack Optimization, Mutual Information Gain, and Machine Learning
Authors: A. Afolabi, O. A. Akinola
Journal: Journal of Electrical and Computer Engineering (JCR Q4, Computer Science, Information Systems; impact factor 1.2)
Publication date: 2024-06-01
Publication type: Journal Article
DOI: 10.1155/2024/7302909 (https://doi.org/10.1155/2024/7302909)
Citations: 0
Abstract
The security of communication networks can be compromised through both known and novel attack methods. Protection against such attacks may be achieved through the use of an intrusion detection system (IDS), which can be designed by training machine learning models to detect cyberattacks. In this paper, the KOMIG (knapsack optimization and mutual information gain) IDS was developed to detect network intrusions. The KOMIG IDS combined the strengths of optimization and machine learning together to achieve a high intrusion detection performance. Specifically, KOMIG IDS comprises a 2-stage feature selection procedure; the first was accomplished with a knapsack optimization algorithm and the second with a mutual information gain filter. In particular, we developed an optimization model for the selection of the most important features from a network intrusion dataset. Then, a new set of features was synthesized from the selected features and combined with the selected features to form a candidate features set. Next, we applied an information gain filter to the candidate features set to prune out redundant features, leaving only the features that possess the maximum information gain, which were used to train machine learning models. The proposed KOMIG IDS was applied to the UNSW-NB15 dataset, which is a well-known network intrusion evaluation dataset, and the resulting data, after optimization operation, were used to train four machine learning models, namely, logistic regression (LR), random forest (RF), decision tree (DT), and K-nearest neighbors (KNN). Simulation experiments were conducted, and the results revealed that our proposed KNN-based KOMIG IDS outperformed comparative schemes by achieving an accuracy score of 97.14%, a recall score of 99.46%, a precision score of 95.53%, and an F1 score of 97.46%.