CN107066881A - Intrusion detection method based on Kohonen neutral nets - Google Patents

Intrusion detection method based on Kohonen neutral nets Download PDF

Info

Publication number
CN107066881A
CN107066881A CN201611156349.XA CN201611156349A CN107066881A CN 107066881 A CN107066881 A CN 107066881A CN 201611156349 A CN201611156349 A CN 201611156349A CN 107066881 A CN107066881 A CN 107066881A
Authority
CN
China
Prior art keywords
data
type
input
neutral nets
kohonen
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201611156349.XA
Other languages
Chinese (zh)
Inventor
王志鑫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Changhong Electric Co Ltd
Original Assignee
Sichuan Changhong Electric Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sichuan Changhong Electric Co Ltd filed Critical Sichuan Changhong Electric Co Ltd
Priority to CN201611156349.XA priority Critical patent/CN107066881A/en
Publication of CN107066881A publication Critical patent/CN107066881A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • Evolutionary Computation (AREA)
  • Computational Linguistics (AREA)
  • Molecular Biology (AREA)
  • Computing Systems (AREA)
  • Biophysics (AREA)
  • Data Mining & Analysis (AREA)
  • Mathematical Physics (AREA)
  • Artificial Intelligence (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a kind of intrusion detection method based on Kohonen neutral nets, it includes, first by a large amount of normal samples and invasion sample training Kohonen neutral nets, making the neuron aggregates of the variant type of its hidden layer together.Certain type of neuron can only carry out corresponding or sensitivity to specific input data, and then the network after training is tested using test data.For each input, criterion is:Its distance with all hiding node layers is calculated, is this time to input corresponding type apart from the type corresponding to most short hiding node layer, the accurate defeated rate of identification of all test datas is finally counted.The present invention is using intrusion detection evaluation and test AUTHORITATIVE DATA collection Kddcup99, replaced by character and data normalization is translated into the type that Kohonen neutral nets can be recognized, all fields of data set are respectively adopted and the later field of dimensionality reduction is trained and tested to network, find the method to invasive biology rate of accuracy reached to 92.72%.

Description

Intrusion detection method based on Kohonen neutral nets
Technical field
The present invention relates to technical field of network security, and in particular to the intrusion detection method based on Kohonen neutral nets.
Background technology
Today's society is an a networked society, and almost everyone life all establishes connection with network. Network enables people to more easily sharing information, greatly improves the quality of life of people.But at the same time, net now Network equally exists various problem, and people can see a large amount of events on network attack from Newspaper etc. daily, greatly Netizen is measured by assault.The network security growed in intensity, not only causes very big puzzlement to the general network surfed the Net daily, Immeasurable economic loss, or even network hacker is caused to be led with theft of state secrets information to major incorporated businesses simultaneously Cause the harm that can not be imagined.
The content of the invention
Instant invention overcomes the deficiencies in the prior art, there is provided a kind of intrusion detection method based on Kohonen neutral nets.
To solve above-mentioned technical problem, the present invention uses following technical scheme:
A kind of intrusion detection method based on Kohonen neutral nets, it comprises the following steps:
Step 1, each character field in Kddcup99 data sets is replaced with into numeral in order;
Step 2, each numerical value in Kddcup99 data sets is carried out at data normalization using matlab functions mapminmax Reason, after the processing of all data standards value be negative one to positive one, calculation formula is as follows:
Y=(ymax-ymin)*(x-xmin)/(xmax-xmin)+ymin
Wherein certain attribute initial value is x, and the attribute maximum occurrences are xmax, minimum value is xmin, this belongs to after data normalization Property maximum be ymax, minimum value ymin, this value is y after normalized;
Step 3, Kohonen neutral nets are initialized according to the feature of invasion data, the invasion data feature values have 41 dimensions, invasion type has 5 classes, and the input layer of the Kohonen neutral nets is 41, and output node layer is 5, hidden layer section Point is 10*10;
Step 4, Kohonen neural metwork trainings, the step 4 includes:Step 4.1, collection input layer is inputted every time Data;Step 4.2, the corresponding invasion type of data inputted every time;Step 4.3, tied after network repetition training 10000 times Beam;Step 4.4, autoadapted learning rate and relevant radii;Step 4.5, calculate input data and all hidden layer neurons away from From it is the winning node that this is inputted to take the hidden layer neuron corresponding to distance minimum;Step 4.6, calculate with winning node For the center of circle, all nodes in radius r circle;Step 4.7, the connection weight between output layer and hidden layer is updated;Step 5, Network test, the step 5 includes:Step 5.1, for i-th of data input, the data are calculated to each neuron of hidden layer Distance, the data type corresponding to the minimum node of distance is the corresponding type of this input data;Step 5.2, if surveyed The type that test result is drawn matches with the type corresponding to i-th of data input, that is, represents that network is sentenced to this data Disconnected is correct, after complete to all data tests, the number of all correct packets of prediction of output this time test.
Performed intrusion detection in the technical program using Kohonen neutral nets, by mass data training network, make it Each node of hidden layer gathers in different zones according to its type difference, and the neuron in this region is only quick to same type of input Sense, it is possible thereby to which it is invasion type to judge.
First, using a large amount of normal samples and invasion sample training Kohonen neutral nets, make its hidden layer variant The neuron aggregates of type are together.Certain type of neuron can only carry out corresponding or sensitive to specific input data.
Then, the network after training is tested using test data.For each input, criterion is:Meter Its distance with all hiding node layers is calculated, is that this time input is corresponding apart from the type corresponding to most short hiding node layer Type.
Finally count the accurate defeated rate of identification of all test datas.
Compared with prior art, the beneficial effects of the invention are as follows:
The present invention evaluates and tests AUTHORITATIVE DATA collection Kddcup99 using intrusion detection, is replaced by character and data normalization will It is converted into the type that Kohonen neutral nets can be recognized, all fields of data set and the later word of dimensionality reduction is respectively adopted Section is trained and tested to network, finds the method to invasive biology rate of accuracy reached to 92.72%.
Brief description of the drawings
Fig. 1 is the flow chart of the intrusion detection method based on Kohonen neutral nets of an embodiment of the present invention.
Fig. 2 is the flow chart of the Kohonen neural metwork trainings of an embodiment of the present invention.
Fig. 3 is the flow chart of the network test of an embodiment of the present invention.
Embodiment
The present invention is further elaborated below in conjunction with the accompanying drawings.
The intrusion detection method based on Kohonen neutral nets as Figure 1-3, it comprises the following steps:
Step 1, each character field in Kddcup99 data sets is replaced with into numeral in order;
Step 2, each numerical value in Kddcup99 data sets is carried out at data normalization using matlab functions mapminmax Reason, after the processing of all data standards value be negative one to positive one, calculation formula is as follows:
Y=(ymax-ymin)*(x-xmin)/(xmax-xmin)+ymin
Wherein certain attribute initial value is x, and the attribute maximum occurrences are xmax, minimum value is xmin, data normalizing
The maximum of this attribute is y after changemax, minimum value ymin, this value is y after normalized;
Step 3, Kohonen neutral nets are initialized according to the feature of invasion data, the invasion data feature values have 41 dimensions, invasion type has 5 classes, and the input layer of the Kohonen neutral nets is 41, and output node layer is 5, hidden layer section Point is 10*10;
Step 4, Kohonen neural metwork trainings, the step 4 includes:Step 4.1, collection input layer is inputted every time Data;Step 4.2, the corresponding invasion type of data inputted every time;Step 4.3, tied after network repetition training 10000 times Beam;Step 4.4, autoadapted learning rate and relevant radii;Step 4.5, calculate input data and all hidden layer neurons away from From it is the winning node that this is inputted to take the hidden layer neuron corresponding to distance minimum;Step 4.6, calculate with winning node For the center of circle, all nodes in radius r circle;Step 4.7, the connection weight between output layer and hidden layer is updated;Step 5, Network test, the step 5 includes:Step 5.1, for i-th of data input, the data are calculated to each neuron of hidden layer Distance, the data type corresponding to the minimum node of distance is the corresponding type of this input data;Step 5.2, if surveyed The type that test result is drawn matches with the type corresponding to i-th of data input, that is, represents that network is sentenced to this data Disconnected is correct, after complete to all data tests, the number of all correct packets of prediction of output this time test.
The essence of the present invention is described in detail above embodiment, but can not be to protection scope of the present invention Limited, it should be apparent that, under the enlightenment of the present invention, the art those of ordinary skill can also carry out many improvement And modification, it should be noted that these are improved and modification all falls within the claims of the present invention.

Claims (1)

1. a kind of intrusion detection method based on Kohonen neutral nets, it is characterised in that it comprises the following steps:
Step 1, each character field in Kddcup99 data sets is replaced with into numeral in order;
Step 2, data normalization processing is carried out to each numerical value in Kddcup99 data sets using matlab functions mapminmax, After the processing of all data standards value be negative one to positive one, calculation formula is as follows:
Y=(ymax-ymin)*(x-xmin)/(xmax-xmin)+ymin
Wherein certain attribute initial value is x, and the attribute maximum occurrences are xmax, minimum value is xmin, this attribute after data normalization Maximum is ymax, minimum value ymin, this value is y after normalized;
Step 3, Kohonen neutral nets are initialized according to the feature of invasion data, the invasion data feature values have 41 dimensions, Invasion type has 5 classes, and the input layer of the Kohonen neutral nets is 41, and output node layer is 5, and hiding node layer is 10*10;
Step 4, Kohonen neural metwork trainings, the step 4 includes:
Step 4.1, the data that collection input layer is inputted every time;
Step 4.2, the corresponding invasion type of data inputted every time;
Step 4.3, terminate after network repetition training 10000 times;
Step 4.4, autoadapted learning rate and relevant radii;
Step 4.5, input data and the distance of all hidden layer neurons are calculated, the hidden layer nerve corresponding to distance minimum is taken The winning node that member inputs for this;
Step 4.6, calculate using winning node as the center of circle, all nodes in radius r circle;
Step 4.7, the connection weight between output layer and hidden layer is updated;
Step 5, network test, the step 5 includes:
Step 5.1, for i-th of data input, the data are calculated to the distance of each neuron of hidden layer, the minimum node of distance Corresponding data type is the corresponding type of this input data;
Step 5.2, if the type that test result is drawn matches with the type corresponding to i-th of data input, that is, represent Judgement of the network to this data is correct, after complete to all data tests, and all predictions of output this time test are correct The number of packet.
CN201611156349.XA 2016-12-14 2016-12-14 Intrusion detection method based on Kohonen neutral nets Pending CN107066881A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611156349.XA CN107066881A (en) 2016-12-14 2016-12-14 Intrusion detection method based on Kohonen neutral nets

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611156349.XA CN107066881A (en) 2016-12-14 2016-12-14 Intrusion detection method based on Kohonen neutral nets

Publications (1)

Publication Number Publication Date
CN107066881A true CN107066881A (en) 2017-08-18

Family

ID=59619325

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611156349.XA Pending CN107066881A (en) 2016-12-14 2016-12-14 Intrusion detection method based on Kohonen neutral nets

Country Status (1)

Country Link
CN (1) CN107066881A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109388943A (en) * 2018-09-29 2019-02-26 杭州时趣信息技术有限公司 A kind of method, apparatus and computer readable storage medium identifying XSS attack
CN111416819A (en) * 2020-03-18 2020-07-14 湖南大学 Low-speed denial of service attack detection method based on AKN algorithm
CN117272119A (en) * 2023-11-21 2023-12-22 国网山东省电力公司营销服务中心(计量中心) User portrait classification model training method, user portrait classification method and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102158486A (en) * 2011-04-02 2011-08-17 华北电力大学 Method for rapidly detecting network invasion
CN102651088A (en) * 2012-04-09 2012-08-29 南京邮电大学 Classification method for malicious code based on A_Kohonen neural network
CN102789593A (en) * 2012-06-18 2012-11-21 北京大学 Intrusion detection method based on incremental GHSOM (Growing Hierarchical Self-organizing Maps) neural network
CN103619021A (en) * 2013-12-10 2014-03-05 天津工业大学 Neural network-based intrusion detection algorithm for wireless sensor network
CN105577685A (en) * 2016-01-25 2016-05-11 浙江海洋学院 Intrusion detection independent analysis method and system in cloud calculation environment

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102158486A (en) * 2011-04-02 2011-08-17 华北电力大学 Method for rapidly detecting network invasion
CN102651088A (en) * 2012-04-09 2012-08-29 南京邮电大学 Classification method for malicious code based on A_Kohonen neural network
CN102789593A (en) * 2012-06-18 2012-11-21 北京大学 Intrusion detection method based on incremental GHSOM (Growing Hierarchical Self-organizing Maps) neural network
CN103619021A (en) * 2013-12-10 2014-03-05 天津工业大学 Neural network-based intrusion detection algorithm for wireless sensor network
CN105577685A (en) * 2016-01-25 2016-05-11 浙江海洋学院 Intrusion detection independent analysis method and system in cloud calculation environment

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
徐守坤等: "IWO-Kohonen 聚类算法在 IDS 中的应用", 《计算机工程》 *
陈熹: "基于神经网络的入侵检测系统的研究与设计", 《中国优秀硕士学位论文全文数据库 信息科技辑 2013年第03期》 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109388943A (en) * 2018-09-29 2019-02-26 杭州时趣信息技术有限公司 A kind of method, apparatus and computer readable storage medium identifying XSS attack
CN111416819A (en) * 2020-03-18 2020-07-14 湖南大学 Low-speed denial of service attack detection method based on AKN algorithm
CN117272119A (en) * 2023-11-21 2023-12-22 国网山东省电力公司营销服务中心(计量中心) User portrait classification model training method, user portrait classification method and system
CN117272119B (en) * 2023-11-21 2024-03-22 国网山东省电力公司营销服务中心(计量中心) User portrait classification model training method, user portrait classification method and system

Similar Documents

Publication Publication Date Title
Kim et al. Method of intrusion detection using deep neural network
CN110233849B (en) Method and system for analyzing network security situation
CN103581186B (en) A kind of network security situational awareness method and system
CN111027378B (en) Pedestrian re-identification method, device, terminal and storage medium
CN112019651B (en) DGA domain name detection method using depth residual error network and character-level sliding window
CN110163242B (en) Risk identification method and device and server
CN110084151A (en) Video abnormal behaviour method of discrimination based on non-local network's deep learning
CN104125112B (en) Physical-information fuzzy inference based smart power grid attack detection method
Baek et al. DDoS attack detection on bitcoin ecosystem using deep-learning
CN107256357A (en) The detection of Android malicious application based on deep learning and analysis method
CN112073550B (en) DGA domain name detection method fusing character-level sliding window and depth residual error network
CN106815200A (en) Objectionable text detection method and device based on keyword
CN110830489B (en) Method and system for detecting counterattack type fraud website based on content abstract representation
CN107911346A (en) A kind of intrusion detection method based on extreme learning machine
CN107066881A (en) Intrusion detection method based on Kohonen neutral nets
CN112073551A (en) DGA domain name detection system based on character-level sliding window and depth residual error network
CN103916385A (en) WAF safety monitoring system based on intelligent algorithm
CN110009224A (en) Suspect's violation probability prediction technique, device, computer equipment and storage medium
CN115277159B (en) Industrial Internet security situation assessment method based on improved random forest
CN110138758A (en) Mistake based on domain name vocabulary plants domain name detection method
CN109522755A (en) Hardware Trojan horse detection method based on probabilistic neural network
CN110049034A (en) A kind of real-time Sybil attack detection method of complex network based on deep learning
CN108399387A (en) The data processing method and device of target group for identification
CN112989354A (en) Attack detection method based on neural network and focus loss
CN108121912A (en) A kind of malice cloud tenant recognition methods and device based on neutral net

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170818

RJ01 Rejection of invention patent application after publication