CN107292166B - Intrusion detection method based on CFA algorithm and BP neural network - Google Patents
Intrusion detection method based on CFA algorithm and BP neural network Download PDFInfo
- Publication number
- CN107292166B CN107292166B CN201710352845.0A CN201710352845A CN107292166B CN 107292166 B CN107292166 B CN 107292166B CN 201710352845 A CN201710352845 A CN 201710352845A CN 107292166 B CN107292166 B CN 107292166B
- Authority
- CN
- China
- Prior art keywords
- neural network
- algorithm
- intrusion detection
- cfa
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
- G06N3/084—Backpropagation, e.g. using gradient descent
Abstract
The invention discloses an intrusion detection method based on a CFA (computational fluid dynamics) algorithm and a BP (back propagation) neural network, which is characterized in that operation parameters of the BP neural network are coded into cell individuals in the CFA algorithm, an error function is used as an adaptive value function of the CFA algorithm, parameters with optimal fitness are selected as an initial weight and a threshold of the BP neural network after multiple iterations for training, and finally the trained BP neural network is applied to a classifier of intrusion detection. The invention optimizes the initial operation parameters of the BP neural network by utilizing the characteristics of global search and high convergence speed of the CFA algorithm, and constructs a classifier which can be applied to network intrusion detection according to the initial operation parameters. The method improves the detection accuracy of the BP neural network in network intrusion detection by improving the defects that the BP neural network is easy to fall into a local minimum value and has low convergence speed due to the randomization of initial parameters.
Description
Technical Field
The invention relates to the technical field of network intrusion detection, in particular to an intrusion detection method based on a CFA (Current FishAlgorithm) algorithm and a BP neural network.
Background
Aiming at the increasingly serious network security problem, the passive defense technology which only depends on a network firewall, a user authentication system and the like cannot completely solve the network and information security problem.
The intrusion detection technology is an active defense technology, can continuously monitor the computer and network behaviors in the network, not only monitors malicious behaviors from the outside of the network, but also detects unauthorized behaviors and malicious behaviors in a network system. The intrusion detection technology is to collect network logs by a certain technical means, monitor network communication and analyze the logs and data packets so as to detect whether malicious behaviors which may damage the network communication exist in the network. For an intrusion detection system, how to further improve the recognition rate of malicious behaviors by intrusion detection and reduce the false negative rate and the false positive rate of normal behaviors of a user are targets continuously pursued by the intrusion detection system.
The neural network algorithm in the field of artificial intelligence has the advantages of self-adaption, self-learning, self-organization, strong generalization capability, capability of performing large-scale parallel computation and nonlinear mapping and the like, so that the neural network algorithm is very suitable for the current increasingly complex and variable intrusion detection environment. The BP neural network is one of the most widely used neural network models at present. However, the conventional BP neural network is prone to be trapped in a local minimum value and has a low convergence rate due to random selection of initial parameters, so that the detection accuracy is not ideal, and the missing report rate and the false report rate are high when the BP neural network is used for intrusion detection.
Picminxia (BP Neural Network-Based intrusion detection Algorithm [ J ]. computer engineering, 2012,06: 148-)) and Yanxi Zhang et al (Zhang Y, Gao X, Katayama s.weld expected prediction with BP Neural Network systematic Genetic Algorithm, 2015,34: 53-59) propose to find optimal weights and thresholds for BP Neural networks to improve their drawbacks using Genetic algorithms (Genetic Algorithm, GA), effectively improve the detection efficiency of BP Neural networks (Wang T, west J. Network) et al (Wang et al, west J. Algorithm L, Ai J. Network Algorithm) find optimal weights and thresholds for BP Neural networks to improve their drawbacks, effectively improve the detection efficiency of BP Neural networks, et al (Wang T, west J. Network) Network optimization algorithms and artificial convergence algorithms (bas J. ap J. Network) sometimes introduce artificial parameters into artificial convergence groups of artificial Neural networks such as artificial convergence algorithms, troubleshoo et al, (sa, sa J. k et al).
The CFA (Small Fish Algorithm) algorithm is a new meta-bionic heuristic algorithm proposed by Eesa, Abdulazez et al (Eesa A S, Abdulazez A M, Orman Z. Cuttlefish algorithm-a novel bio-induced optimization algorithm [ J ]. International Journal of Scientific and Engineering Research,2013,4(9): 1978-1986), which uses test functions such as Rosenbrew and Griewank to perform global optimization comparison, and the test results show that the CFA algorithm has better global optimization capability and convergence speed than the genetic algorithm, the particle swarm algorithm and the artificial bee colony algorithm. Eesa et al (Eesa A S, Abdulazez A M, Orman Z. Curtlefish algorithm-a novel bio-intrusion optimization algorithm [ J ]. International Journal of Scientific and Engineering Research,2013,4(9): 1978-.
Based on the above, the invention provides an intrusion detection method with the combination of the CFA algorithm and the BP neural network, which optimizes the BP neural network by using the CFA algorithm, so that the optimized BP neural network has higher recognition rate and lower false alarm rate and missing alarm rate in intrusion detection.
Disclosure of Invention
The invention provides a method capable of improving network intrusion detection speed and recognition rate, aiming at the problems that the current network form gradually presents the characteristics of layering, virtualization and service and the accompanying network security faces the threat of multilevel property and complex variability.
The invention aims to solve the problems of low detection accuracy and low detection speed caused by the defects that the traditional BP neural network is easy to fall into local extremum and has low convergence speed in network intrusion detection. Firstly, encoding the operation parameters of the BP neural network into cell individuals in the CFA algorithm, then taking the global error as an adaptive value of the CFA algorithm, selecting parameters with optimal fitness after multiple iterations as an initial weight and a threshold of the BP neural network for training, and finally applying the trained BP neural network to a classifier of intrusion detection.
Specifically, the intrusion detection method based on the CFA algorithm and the BP neural network comprises the following steps: and encoding the operation parameters of the BP neural network into cell individuals in the CFA algorithm, taking a global error function as an adaptive value function of the CFA algorithm, selecting parameters with optimal fitness after multiple iterations as an initial weight and a threshold of the BP neural network for training, and finally applying the trained BP neural network to a classifier of intrusion detection.
Specifically, the operation parameter code includes a connection weight and a threshold in the BP neural network.
Specifically, a global error function of the BP neural network is used as an adaptive value function of the CFA algorithm, where the global error function is:
in the network, n neurons are arranged on an input layer, q neurons are arranged on a hidden layer, m neurons are arranged on an output layer, the total number of samples is P, xpiRepresenting the ith input, v, of the p samplekiRepresents the weight, w, from the ith node of the input layer to the kth node of the hidden layerjkRepresenting the weight from the kth node of the hidden layer to the jth node of the output layer, EkFor the p-th sample actual output and ideal output error, tkiIs an ideal output.
Specifically, the CFA algorithm is utilized, iterative operation is carried out until the set maximum operation times is reached, and the Best cell median is decoded into the initial operation parameters of the BP neural network to complete training.
Specifically, the trained BP neural network is used as a classifier of a detection module in the intrusion detection system.
Compared with the prior art, the invention has the following advantages:
the method combines the CFA algorithm and the BP neural network, and fully exerts the characteristics of strong global search capability of the CFA algorithm, self-learning capability of the BP neural network and strong generalization capability.
Drawings
FIG. 1 is a block diagram of a BP neural network of the present invention;
FIG. 2 is a diagram of six reflection scenarios in the CFA algorithm of the present invention;
FIG. 3 is a flow chart of the CFA algorithm in the present invention to optimize the BP neural network;
fig. 4 is a flow chart of network intrusion detection in accordance with the present invention.
Detailed Description
The present invention will be described in further detail below with reference to the accompanying drawings, but the embodiments of the present invention are not limited thereto.
An intrusion detection method based on a CFA (Small Fish Algorithm) algorithm and a BP neural network specifically comprises the following steps:
1. referring to fig. 1, the operation parameters of the BP neural network mainly include a connection weight and a threshold of each neuron, and an object of CFA algorithm optimization is the connection weight and the threshold in the BP neural network. The global error function is:
in the network, n neurons are arranged on an input layer, q neurons are arranged on a hidden layer, m neurons are arranged on an output layer, the total number of samples is P, xpiRepresenting the ith input, v, of the p samplekiRepresents the weight, w, from the ith node of the input layer to the kth node of the hidden layerjkRepresenting the weight from the kth node of the hidden layer to the jth node of the output layer, EkFor the p-th sample actual output and ideal output error, tkiIs an ideal output.
2. And taking all thresholds and weights in the BP neural network as vector dimensions of each cell in the CFA algorithm. Assuming that the BP neural network is a typical three-layer structure including an input layer, a hidden layer, and an output layer, and there are n, p, and m neurons, respectively, each cell in the CFA algorithm includes a dimension W:
w=n*p+p*m+p+m (2)
3. optimizing BP neural network using CFA algorithm
The cuttlefish can change the skin color of the cuttlefish through the pigment cells, the iridescent cells and the white blood cells stacked on the skin layer, as shown in fig. 2, so that the cuttlefish is consistent with the external color to hide the cuttlefish. Wherein the pigment cells change the color of the cells to achieve the purpose of hiding through the contraction and relaxation of muscles to increase or reduce the area of the pigment capsules; iridescent cells are mirror-like reflective cells that hide themselves from the white blood cells by reflecting or dispersing light entering the cells. The incident light (light that enters the cell) may be reflected by the pigment cells, by the reflecting cells (iris cells and white blood cells), or by both.
The CFA algorithm simulates the situation of the six three-layer cell reflected light of fig. 2, and the basic principle is to consider two main processes of the color change of the skin cells of the inkfish: reflectance (reflection) and visibility (visibility). The reflection process simulates a reflection mechanism of contraction and relaxation of pigment cells, the visible process simulates a matching mechanism of reflection or scattering of iridescent cells and white blood cells, and the contraction and relaxation degree of pigment cells and the visible degree of reflecting cells are respectively represented by R and V. The CFA algorithm takes two processes as a global optimization search strategy, and the process of optimizing the BP neural network by the CFA algorithm is shown in figure 3, and specifically comprises the following steps:
(1) selecting a sample for training to be used for preprocessing data; set r1、r2、v1And v2And a maximum number of iterations MCN and a target error.
(2) The cell population is initialized according to equation (3), and each cell is encoded according to the weight and threshold of the BP neural network and equation (2).
P[i].point[j]=random*(upperLimit-lowerLimit)+LowLimit (3)
Wherein i is the ith cell, j is the vector dimension w of the cell, and upper L and low L are the upper and lower limits of the value in each dimension.
(3) Calculating an initial adaptive value of each cell according to the formula (1), storing the cell with the optimal adaptive value into the Best cell, finishing training if the adaptive value of the Best cell meets the error requirement, or dividing the cell group into G cells1、G2、G3、G4And (4) four groups.
(4) For G1Each cell of the group. Updating the cell color using the equations (4), (5) and (6), calculating the adaptation value of the cell according to the equation (1), and updating the Best and AV if the adaptation value is betterBest,AVBestMean values for each dimension of Best cells.
reflectionj=R*G1[i].Point[j](4)
visibilityj=V*(Best.Point[j]-G1[i].Point[j](5)
newP=reflection+visibility (6)
Wherein R and V are calculated as formula (7) and formula (8)
R=random( )*(r1-r2)+r2(7)
V=random()*(v1-v2)+v2(8)
(5) For G2Each cell of the group. Updating cell color, adaptation value, Best, and AV using equations (5), (6), and (9)BestAs in step (4).
reflection=R*Bear.Point (9)
(6) For G3Each cell of the group. Updating the cell color, adaptation value, Best, and AV using equations (6), (9), and (10)BestAs in step (4).
visivility=V*(Best.Point)-AVBest) (10)
(7) For G4Each cell of the group. reflection is a random number, generated by equation (3), visibility is 0, fitness, Best, and AVBestAs in step (4).
(8) And judging whether the given error requirement is met. And if so, ending the process. If not, go to step (9).
(9) And (4), (5), (6) and (7) are executed in an iteration mode. And (4) until the maximum running times MCN of the CFA algorithm is reached, taking the value in the Best cell at the moment as the optimal weight and the threshold of the BP neural network to train the BP neural network.
4. Referring to fig. 4, the trained BP neural network is applied to a detection module of an intrusion detection system as a classifier.
The invention discloses an intrusion detection method based on a CFA (CFA) Algorithm and a BP (back propagation) neural network. The method optimizes the initial operation parameters of the BP neural network by utilizing the characteristics of strong global optimization capability and high convergence speed of the CFA algorithm, wherein the weight and the threshold of the BP neural network are the optimization target of the CFA algorithm, the global error is taken as the fitness of the CFA algorithm, the iteration is stopped when the CFA algorithm reaches the maximum iteration times or the set global error, a group of parameters at the moment are taken as the initial weight and the threshold of the BP neural network for training, and a classifier which can be applied to network intrusion detection is constructed according to the initial operation parameters. The method improves the detection accuracy of the BP neural network in network intrusion detection by improving the defects that the BP neural network is easy to fall into a local minimum value and has low convergence speed due to the randomization of initial parameters.
The above embodiment is an embodiment of the present invention, but the embodiment of the present invention is not limited by the above embodiment, and any other changes, modifications, substitutions, combinations, and simplifications which do not depart from the spirit and principle of the present invention should be regarded as equivalent replacements within the protection scope of the present invention.
Claims (5)
1. A CFA algorithm and BP neural network based intrusion detection method is characterized in that: and encoding the operation parameters of the BP neural network into cell individuals in the CFA algorithm, taking a global error function as an adaptive value function of the CFA algorithm, selecting parameters with optimal fitness after multiple iterations as an initial weight and a threshold of the BP neural network for training, and finally applying the trained BP neural network to a detection module of an intrusion detection system as a classifier.
2. The CFA algorithm and BP neural network based intrusion detection method according to claim 1, wherein: the operation parameters comprise connection weights and thresholds in the BP neural network.
3. The CFA algorithm and BP neural network based intrusion detection method according to claim 1, wherein: and utilizing the global error function of the BP neural network as an adaptive value function of the CFA algorithm, wherein the global error function is as follows:
in the network, an input layer is provided with n neurons, a hidden layer is provided with q neurons, an output layer is provided with m neurons, and the total number of samples is P.
4. The CFA algorithm and BP neural network based intrusion detection method according to claim 1, wherein: and (5) performing iterative operation by using a CFA algorithm until the set maximum operation times are reached, and decoding the Best cell median value into the initial operation parameters of the BP neural network to finish training.
5. The CFA algorithm and BP neural network based intrusion detection method according to claim 1, wherein: and using the trained BP neural network as a classifier of a detection module in the intrusion detection system.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710352845.0A CN107292166B (en) | 2017-05-18 | 2017-05-18 | Intrusion detection method based on CFA algorithm and BP neural network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710352845.0A CN107292166B (en) | 2017-05-18 | 2017-05-18 | Intrusion detection method based on CFA algorithm and BP neural network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107292166A CN107292166A (en) | 2017-10-24 |
| CN107292166B true CN107292166B (en) | 2020-07-28 |
Family
ID=60094125
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710352845.0A Active CN107292166B (en) | 2017-05-18 | 2017-05-18 | Intrusion detection method based on CFA algorithm and BP neural network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107292166B (en) |
Families Citing this family (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108154029A (en) * | 2017-10-25 | 2018-06-12 | 上海观安信息技术股份有限公司 | Intrusion detection method, electronic equipment and computer storage media |
| CN109800564A (en) * | 2017-11-16 | 2019-05-24 | 航天信息股份有限公司 | A kind of method and system for examining Intranet user behavior based on genetic neural network |
| CN108259498B (en) * | 2018-01-24 | 2020-06-23 | 湖南科技学院 | Intrusion detection method and system based on BP algorithm of artificial bee colony optimization |
| CN109120610A (en) * | 2018-08-03 | 2019-01-01 | 上海海事大学 | A kind of fusion improves the intrusion detection method of intelligent ant colony algorithm and BP neural network |
| CN109274651A (en) * | 2018-08-30 | 2019-01-25 | 上海海事大学 | A kind of ddos attack detection method |
| CN109274673B (en) * | 2018-09-26 | 2021-02-12 | 广东工业大学 | Network flow abnormity detection and defense method |
| CN110290110B (en) * | 2019-05-28 | 2021-08-03 | 中国人民解放军战略支援部队信息工程大学 | Encrypted malicious traffic identification method and system based on redundancy detection architecture |
| CN111614609B (en) * | 2020-03-26 | 2022-05-13 | 诺得物流股份有限公司 | GA-PSO-DBN-based intrusion detection method |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105160248A (en) * | 2015-07-02 | 2015-12-16 | 哈尔滨工程大学 | Correlation pruning neural network based identification system and method for malicious process of Xen virtual machine |
| CN106254330A (en) * | 2016-07-29 | 2016-12-21 | 中国电子科技集团公司第五十四研究所 | A kind of software defined network intrusion detection method based on BP neutral net |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7661127B2 (en) * | 2002-11-12 | 2010-02-09 | Millipore Corporation | Instrument access control system |
-
2017
- 2017-05-18 CN CN201710352845.0A patent/CN107292166B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105160248A (en) * | 2015-07-02 | 2015-12-16 | 哈尔滨工程大学 | Correlation pruning neural network based identification system and method for malicious process of Xen virtual machine |
| CN106254330A (en) * | 2016-07-29 | 2016-12-21 | 中国电子科技集团公司第五十四研究所 | A kind of software defined network intrusion detection method based on BP neutral net |
Non-Patent Citations (2)
| Title |
|---|
| A novel feature-selection approach based on the cuttlefish optimization algorithm for intrusion detection systems;Adel Sabry Eesa 等;《EXPERT SYSTEMS WITH APPLICATIONS》;20150430;第42卷(第5期);全文 * |
| 入侵检测中基于SVM的两级特征选择方法;武小年 等;《通信学报》;20150430;第36卷(第4期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107292166A (en) | 2017-10-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107292166B (en) | Intrusion detection method based on CFA algorithm and BP neural network | |
| Zhang et al. | Intrusion detection for IoT based on improved genetic algorithm and deep belief network | |
| Ullah et al. | Design and development of RNN anomaly detection model for IoT networks | |
| CN108400895B (en) | BP neural network security situation assessment algorithm improved based on genetic algorithm | |
| CN112434758B (en) | Clustering-based federal learning pick-up car attack defense method | |
| Man et al. | Intelligent intrusion detection based on federated learning for edge-assisted internet of things | |
| CN111585948B (en) | Intelligent network security situation prediction method based on power grid big data | |
| CN110647918A (en) | Mimicry defense method for resisting attack by deep learning model | |
| CN112766343B (en) | Network security situation assessment method based on improved WOA-SVM | |
| CN112995150B (en) | Botnet detection method based on CNN-LSTM fusion | |
| Xiao et al. | Network security situation prediction method based on MEA-BP | |
| Huang | Network intrusion detection based on an improved long-short-term memory model in combination with multiple spatiotemporal structures | |
| CN114417427A (en) | Deep learning-oriented data sensitivity attribute desensitization system and method | |
| Li et al. | Using sparrow search hunting mechanism to improve water wave algorithm | |
| CN114708479A (en) | Self-adaptive defense method based on graph structure and characteristics | |
| Choukri et al. | Abnormal network traffic detection using deep learning models in iot environment | |
| CN109660522A (en) | The mixed intrusion detection method based on deep layer self-encoding encoder towards Integrated Electronic System | |
| CN116916317A (en) | Invasion detection method based on white shark and random forest | |
| Zhang et al. | Intrusion detection model for industrial internet of things based on improved autoencoder | |
| Yan et al. | GDE model: A variable intrusion detection model for few-shot attack | |
| Li et al. | Anormaly intrusion detection based on SOM | |
| Wang et al. | Study on the application of neural network in the computer network security evaluation | |
| Huang et al. | Wine quality evaluation model based on artificial bee colony and BP neural network | |
| Wan et al. | Deep SSAE-BiLSTM Model for DDoS Detection In SDN | |
| CN111865947A (en) | Method for generating abnormal data of power terminal based on transfer learning |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |