CN109120610A - A kind of fusion improves the intrusion detection method of intelligent ant colony algorithm and BP neural network - Google Patents

A kind of fusion improves the intrusion detection method of intelligent ant colony algorithm and BP neural network Download PDF

Info

Publication number
CN109120610A
CN109120610A CN201810874273.7A CN201810874273A CN109120610A CN 109120610 A CN109120610 A CN 109120610A CN 201810874273 A CN201810874273 A CN 201810874273A CN 109120610 A CN109120610 A CN 109120610A
Authority
CN
China
Prior art keywords
neural network
bee
network
data
algorithm
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810874273.7A
Other languages
Chinese (zh)
Inventor
段乐天
韩德志
田秋亭
王军
毕坤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Maritime University
Original Assignee
Shanghai Maritime University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Maritime University filed Critical Shanghai Maritime University
Priority to CN201810874273.7A priority Critical patent/CN109120610A/en
Publication of CN109120610A publication Critical patent/CN109120610A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/004Artificial life, i.e. computing arrangements simulating life
    • G06N3/006Artificial life, i.e. computing arrangements simulating life based on simulated virtual individual or collective life forms, e.g. social simulations or particle swarm optimisation [PSO]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • G06N3/084Backpropagation, e.g. using gradient descent
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/145Network analysis or design involving simulating, designing, planning or modelling of a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection

Abstract

The invention discloses the intrusion detection methods that a kind of fusion improves intelligent ant colony algorithm and BP neural network, comprising the following steps: collects network packet and is pre-processed, as IDS Framework training data;Multilayer neural network model is designed, is that activation primitive is arranged in hidden layer and output layer neuron;Pre-training is carried out to neural network model using intelligent ant colony algorithm is improved, exports optimal nectar source position vector;According to the initial weight and threshold value of optimal nectar source position vector setting neural network model;Design back-propagation algorithm is simultaneously trained neural network with intrusion detection data, obtains neural network IDS Framework;Planned network invader-inspecting software module, is disposed real-time detection network traffic data in a network environment, generates alarm to the Abnormal network traffic detected.The present invention improves the training speed of neural network model and the precision of intrusion detection using the intelligent ant colony algorithm Optimized BP Neural Network algorithm of improvement.

Description

A kind of fusion improves the intrusion detection method of intelligent ant colony algorithm and BP neural network
Technical field
The present invention relates to network safety fileds more particularly to a kind of fusion to improve intelligent ant colony algorithm and BP neural network Intrusion detection method.
Background technique
With the development of internet technology, people are more convenient by network interconnection intercommunication, provided by network various Service facilitates people's lives and work.However network security problem also becomes increasingly conspicuous, criminal may be by network It is encroached on to speculate, therefore a hot spot of the detection and defence referred to as network security to network attack.Attacker is logical It can often be attacked using the defect of network protocol, mainly there is Denial of Service attack, user to propose power attack, long-range attack to local It hits, Port Scan Attacks etc..Currently, the method detected to attack includes the method based on classification and cluster, all pass through Network flow is analyzed to detect network intrusions.
Machine learning method has been widely used in the different types of attack of identification, and machine learning method can be with Network administrator is helped to take appropriate measures to cope with network intrusions.However, most of traditional machine learning methods belong to Shallow-layer study, needs the artificial a large amount of tagsort of carry out and feature selecting, they not can solve in live network application ring The classification problem of a large amount of attacks and invasion data that are faced in border.In addition, shallow-layer learns to be not suitable for intellectual analysis and mass data The forecast demand of higher-dimension study.And BP neural network model has good adaptability, self study and None-linear approximation ability, These demands above-mentioned are able to satisfy, have been widely used in predicting at present, are modeled, the fields such as classification and self adaptive control.
Swarm intelligence is simply defined as the collective behavior of decentralization and Self-organized Group.It is well known that these kinds Group can be flock of birds, the shoal of fish or some social insects, such as ant colony, bee colony etc..In the 1990s, especially base The interest of researcher is greatly caused in two class methods of ant colony and the shoal of fish.Swarm intelligence needs group to meet self-organizing spy Sign, but since 21 century, researcher starts interested in describing new intelligent method with the population behavior of honeybee.Closely For over ten years, the algorithm of some various intelligent behaviors based on honeybee populations has been developed.Population algorithm is excellent originating from numerical value Change problem is a kind of meta-heuristic objective optimization algorithm.
In view of defect existing for artificial neural network conventional exercises method, researchers begin trying to answer heuritic approach It uses in the design and parameter optimization of neural network, i.e., using the method training neural network of intelligent heuristics, the two is melted It closes and produces a kind of completely new neural network, referred to as Evolutionary Neural Network.Artificial bee colony algorithm ABC (Artificial Bee Colony Algorithm) it is a kind of emerging intelligent heuristics algorithm, it is to propose that algorithm comes in Erciyes university in 2005 Derived from the research and simulation to honeybee producting honey behavior.ABC algorithm and other intelligent heuristics algorithms such as particle swarm algorithm PSO (Particle Swarm Optimization), ant group algorithm ACO (Ant Colony Optimization), differential evolution are calculated Method DE (Differential Evolution) is compared, and has many advantages, such as that simple and convenient, parameter is few, strong robustness.
Optimisation technique is one kind based on mathematics, optimal for the searching of objective optimization algorithm under the limitation of certain time condition The application technology of feasible solution.The 1980s, pervious optimization algorithm mainly utilized mathematical analysis, and the methods of iterative solution comes Solving practical problems, referred to as traditional optimization algorithm.These methods have complete theory analysis and mathematical proof, and even Good effect is also achieved in the optimization problems such as continuous, low-dimensional, but just for multimodal, higher-dimension and discontinuous optimization problem Seem that some are helpless.Since the 1980s, emerges in large numbers and novel be different from traditional optimization algorithm in addition to some Heuritic approach, for example, genetic algorithm (Genetic Algorithm) be simulate Darwinian evolutionism natural selection and The computation model of the biological evolution process of genetic mechanisms;The thinking of simulated annealing SA (Simulated Annealing) The annealing process of solid matter in physics.These algorithms have all imitated the certain processes occurred in nature.
Summary of the invention
The invention discloses the intrusion detection method that a kind of fusion improves intelligent ant colony algorithm and BP neural network, using changing Into intelligent ant colony algorithm Optimized BP Neural Network model, network data is detected by neural network model, is improved to net The verification and measurement ratio of network attack, reduces rate of false alarm.
To achieve the goals above, the invention adopts the following technical scheme:
A kind of fusion of the invention improves the intrusion detection method of intelligent ant colony algorithm and BP neural network, including walks as follows It is rapid:
Step S1. collects network packet and is pre-processed, as IDS Framework training data;The pretreatment Specifically comprise the following steps:
Step S1-1. numeralization, for the character type feature in intrusion detection data, by being extended to unit vector To complete to quantize;Assuming that this feature has k characteristic value, then k dimension unit vector is extended to;
It is uniformly mapped on [- 1,1] section by step S1-2. normalization, data bi-directional scaling;Calculation expression As shown in formula (1):
Wherein, x indicates initial data, xmaxIndicate the upper bound of initial data, xminIndicate that the lower bound of initial data, y indicate Data after normalization, ymaxIndicate the upper bound of data after normalizing, yminIndicate the lower bound of data after normalizing;
Step S2. designs multilayer neural network model, is that corresponding activation primitive is arranged in hidden layer and output layer neuron; The multilayer neural network model is a kind of machine learning algorithm, is a kind of meter of the structure and function of mimic biology neural network Calculate model;Neural network is coupled by a large amount of artificial neuron to be calculated, and is a kind of Adaptable System;Specifically include following step It is rapid:
The number of nodes of network layer is arranged in step S2-1., and the number of hidden layer and output layer neuron is arranged;
Step S2-2. establishes connection between neural network input layer, hidden layer and output layer, be arranged corresponding weight and Threshold parameter;
Step S2-3. is that corresponding activation primitive is arranged in hidden layer and output layer neuron, has neural network model Sort feature;
Step S3. carries out pre-training to neural network model using improved intelligent ant colony algorithm, exports optimal nectar source Position vector;The intelligent ant colony algorithm of the improvement is on the basis of classical artificial bee colony algorithm, in conjunction with depth-first search frame It is formed with two search expressions based on elite solution;
The artificial bee colony algorithm is a kind of algorithm for simulating honeybee producting honey behavior, and role, which is divided into, employs bee, observation bee And search bee;Assuming that in D dimension space, population scale is 2 × N, employs bee number=observation bee number=N, nectar source with employ Bee is corresponding, and nectar source number is also N, and the position in i-th of nectar source is denoted as X={ X1,X2,X3,…,XN};The position generation in each nectar source One candidate solution of table optimization problem, the quality of the quantity reflection solution of nectar;
The depth-first search is a kind of for traversing the algorithm of tree or figure, along the node of the extreme saturation tree of tree, The branch of search tree as deep as possible;Shown in search expression based on elite solution such as formula (2) and formula (3):
Vi,j=Xe,ji,j×(Xe,j-Xk,j) (2)
Wherein, i and k random selection in { 1,2 ... N }, j random selection, V from { 1,2 ..., D }i,jIt is i-th of candidate The jth in nectar source is tieed up;Xe,jIt is the jth dimension of e-th of food source, Xk,jIt is the jth dimension of k-th of food source;φi,jIt is section [- 1,1] Random real number;
Wherein, XeFor solution randomly selected from elite solution, XkFor solution randomly selected from current population;E is not equal to k, And k is not equal to i;XbestFor current optimal solution, φe,jIt is the random real number in section [- 1,1];
The intelligent ant colony algorithm of the improvement specifically comprises the following steps: the search process in nectar source
Step S3-1. employs bee to carry out neighborhood search to current nectar source, generates new nectar source, is selected according to Greedy principle More excellent nectar source;
Step S3-2. observes bee and selects a nectar source according to the information for employing bee to share, and neighborhood search is carried out, according to greediness Principle selects more excellent nectar source;
Step S3-3. employs bee to abandon nectar source, is changed into search bee, and the nectar source that random search is new;In search process, see Bee is examined according to the information for employing bee to share, a nectar source is selected according to following formula in a manner of roulette:
In formula, piIndicate the probability in i-th of nectar source of selection, fit is the fitness of food source, fiIndicate problem to be solved Target function value;
It employs bee to carry out neighborhood search according to the position of food source in memory, it is suitable that it can be assessed when finding new food source Response employs bee to be scanned for according to expression formula (6):
Vij=Xij+Rij(Xij-Xhj) (6)
In formula, i ∈ { 1,2 ..., N }, j ∈ { 1,2 ..., m }, XhjIn h randomly select, RijBe [- 1,1] it Between a random number, VijIndicate neighborhood food source, XijIndicate current foodstuff source, XhjIndicate the food source randomly selected, each Solution undergoes iteration for several times, and the solution is given up if not improving;If some solution i is not successfully updated after iteration for several times, Initialization is re-started according to expression formula (7):
Xi=Xmin+rand(0,1)(Xmax-Xmin) (7)
In formula, Xmax、XminCoboundary and the lower boundary of domain are respectively indicated, rand (0,1) is indicated between 0 to 1 Random number;
Step S4. according to exported in step S3 optimal nectar source position vector setting neural network model initial weight and Threshold value;
Step S5. design back-propagation algorithm is simultaneously trained neural network with intrusion detection data, obtains nerve net Network IDS Framework;The back-propagation algorithm is a kind of method of general training neural network, by minimizing nerve The loss function of network, to adjust the weight and threshold value of neural network;Specifically comprise the following steps:
Step S5-1. designs back-propagation algorithm;Loss function of the squared error function as neural metwork training is selected, Simultaneously in order to avoid neural metwork training over-fitting, increase the quadratic sum of weight and threshold value in loss function, training process will It can be biased to smaller connection weight and threshold value, keep network output more smooth;
Stochastic gradient descent method is selected, weight and threshold value are adjusted with the negative gradient direction of loss function, iteration The value of loss function is reduced, and in order to improve the ability for jumping out local minimum in neural network training process, is calculating ladder It joined enchancement factor when spending, even if having fallen into local minimum point, calculated gradient may still be not zero, and have an opportunity to jump out office Portion's minimum continues searching;
Step S5-2. is using intrusion detection data as the training data of neural network, using back-propagation algorithm to nerve Network model is trained, and obtains neural network IDS Framework;
Step S6. examines network intrusions according to neural network IDS Framework planned network invader-inspecting software module Software module deployment real-time detection network traffic data in a network environment is surveyed, report is generated to the Abnormal network traffic detected It is alert;The network invasion monitoring software module specifically includes following module:
Attack warning module is the first layer of network invasion monitoring software, the variation of real time monitoring request stream, when request is flowed When reaching certain restriction threshold value, flow is forwarded to flow preprocessing module and carries out preliminary treatment;
Flow preprocessing module collects the network flow data packet received, carries out data prediction to data packet, concurrently Give neural network intrusion detection module;
Neural network intrusion detection module receives the data packet of flow preprocessing module forwarding, neural network intrusion detection mould Type detects data packet;
Attack-response module receives the testing result of neural network intrusion detection module, be Dos for testing result, 4 kinds of abnormal network data packets such as Probe, R2L, U2R, generate corresponding warning message.
Compared with the prior art, the present invention has the following advantages:
The present invention carrys out Optimized BP Neural Network algorithm using improved intelligent ant colony algorithm, constructs a kind of fusion improvement intelligence The intrusion detection method of energy ant colony algorithm and BP neural network.The intelligence ant colony algorithm is based on depth-first search frame, balance Ability of the artificial bee colony algorithm in terms of the exploration and exploitation to solution, and two novel search expressions are used, draw The concept for having entered elite solution remains the high solution of fitness, accelerates the search for optimal solution.Improved intelligence ant colony algorithm On the one hand the convergence rate of BP neural network training is improved;On the other hand, BP neural network training is reduced to initial power The limitation of value and threshold value, improves the robustness of algorithm.In real network environment, have compared to traditional detection method certain Study and adaptive ability.
Detailed description of the invention
Fig. 1 is the intrusion detection that a kind of fusion provided in an embodiment of the present invention improves intelligent ant colony algorithm and BP neural network The flow chart of method.
Fig. 2 is the intrusion detection that a kind of fusion provided in an embodiment of the present invention improves intelligent ant colony algorithm and BP neural network The software module diagram of method.
Specific embodiment
In order to be easy to understand the technical means, the creative features, the aims and the efficiencies achieved by the present invention, tie below Closing the drawings and specific embodiments, the present invention will be further described in detail, the range of but do not limit the invention in any way.
Fig. 1 is the intrusion detection that a kind of fusion of the specific embodiment of the invention improves intelligent ant colony algorithm and BP neural network Method flow diagram, the detection method compare congenic method verification and measurement ratio with higher and lower rate of false alarm, have centainly Study and adaptive ability.
Fig. 2 is the intrusion detection method that a kind of fusion of the embodiment of the present invention improves intelligent ant colony algorithm and BP neural network Software module diagram, modules have the function of different, the common work for completing network flow intrusion detection.
The detection method includes the following steps:
Step S1. collects network packet and is pre-processed, as IDS Framework training data;The data are pre- Processing specifically comprises the following steps:
Step S1-1. numeralization, since neural network model only supports the input of value type, it is therefore desirable to data into Line number value is completed to quantize by being extended to unit vector for the character type feature in intrusion detection data;It is false If this feature has k characteristic value, then k dimension unit vector is extended to;Such as there are three feature " protocol_type " Characteristic value " tcp " " udp " " icmp ", can be encoded to binary vector (1,0,0), (0,1,0) and (0,0,1).
It is uniformly mapped on [- 1,1] section by step S1-2. normalization, data bi-directional scaling;Calculation expression As shown in formula (1):
Wherein, x indicates initial data, xmaxIndicate the upper bound of initial data, xminIndicate that the lower bound of initial data, y indicate Data after normalization, ymaxIndicate the upper bound of data after normalizing, yminIndicate the lower bound of data after normalizing;
Step S2. designs multilayer neural network model, is that corresponding activation primitive is arranged in hidden layer and output layer neuron; Specifically comprise the following steps:
The number of nodes of network layer is arranged in step S2-1., and the number of hidden layer and output layer neuron is arranged;
Step S2-2. establishes connection between neural network input layer, hidden layer and output layer, be arranged corresponding weight and Threshold value;
Step S2-3. is that corresponding activation primitive is arranged in hidden layer and output layer neuron.Hidden layer neuron is set Activation primitive is Sigmoid function, shown in function expression such as formula (2).The curve of Sigmoid function is S, can will be neural The output reduction of network linear combiner is between 0 to 1.
The excitation function of output layer neuron is set as Softmax function, and the function is in more assorting processes, it will The output of multiple neurons is mapped in (0,1) section, shown in expression formula such as formula (3).
Step S3. carries out pre-training to neural network model using improved intelligent ant colony algorithm, exports optimal nectar source Position vector;The intelligence ant colony algorithm is on the basis of classical artificial bee colony algorithm, in conjunction with depth-first search frame and two A search expression based on elite solution is formed;
The artificial bee colony algorithm is a kind of algorithm for simulating honeybee producting honey behavior, and role, which is divided into, employs bee, observation bee And search bee;Assuming that in D dimension space, population scale is 2 × N, employs bee number=observation bee number=N, nectar source with employ Bee is corresponding, and nectar source number is also N, and the position in i-th of nectar source is denoted as X={ X1,X2,X3,…,XN};The position generation in each nectar source One candidate solution of table optimization problem, the quality of the quantity reflection solution of nectar;
The depth-first search is a kind of for traversing or the algorithm of search tree or figure, along the extreme saturation tree of tree Node, the branch of search tree as deep as possible;Shown in search expression based on elite solution such as formula (4) and formula (5):
Vi,j=Xe,ji,j×(Xe,j-Xk,j) (4)
Wherein, i and k random selection in { 1,2 ... N }, j random selection, V from { 1,2 ..., D }k,jIt is k-th of candidate The jth in nectar source is tieed up;Xi,jIt is the jth dimension of i-th of food source, Xk,jIt is the jth dimension of k-th of food source;φi,jIt is section [- 1,1] Random real number;
Wherein, XeFor solution randomly selected from elite solution, XkFor solution randomly selected from current population;E is not equal to k, And k is not equal to i;XbestFor current optimal solution, φe,jIt is the random real number in section [- 1,1];
It the use of improve intelligent ant colony algorithm is that BP neural network generates initial weight and threshold value.Setting improves intelligent bee colony and calculates The Population Size of method, according to the number of variable in the weight of BP neural network and threshold value, setting the dimension of solution, i.e. food source Position represents the weight and threshold value of BP neural network.Using the error function of neural network as the fitness function of food source. The food source of high superiority and inferiority degree is the weight and threshold value with high fitness.Intelligent ant colony algorithm is improved to pass through in an iterative process Nectar source is updated, to obtain better solution.Table 1 show BP neural network training table corresponding with honeybee foraging behavior.
Table 1BP neural metwork training table corresponding with honeybee foraging behavior
Bee colony foraging behavior Neural metwork training
Food source position Weight and threshold value
Food source superiority and inferiority degree Neural network error
High superiority and inferiority degree food source High fitness weight and threshold value
The intelligent ant colony algorithm of the improvement specifically comprises the following steps: the search process in nectar source
Step S3-1. employs bee to carry out neighborhood search to current nectar source, generates new nectar source, is selected according to Greedy principle More excellent nectar source;
Step S3-2. observes bee and selects a nectar source according to the information for employing bee to share, and neighborhood search is carried out, according to greediness Principle selects more excellent nectar source;
Step S3-3. employs bee to abandon nectar source, is changed into search bee, and the nectar source that random search is new;In search process, see Bee is examined according to the information for employing bee to share, a nectar source is selected according to following formula in a manner of roulette:
In formula, piIndicate the probability in i-th of nectar source of selection, fit is the fitness of food source, fiIndicate problem to be solved Target function value;
It employs bee to carry out neighborhood search according to the position of food source in memory, it is suitable that it can be assessed when finding new food source Response employs bee to be scanned for according to expression formula (8):
Vij=Xij+Rij(Xij-Xhj) (8)
In formula, i ∈ { 1,2 ..., N }, j ∈ { 1,2 ..., m }, XhjIn h randomly select, RijBe [- 1,1] it Between a random number, VijIndicate neighborhood food source, XijIndicate current foodstuff source, XhjIndicate the food source randomly selected, each Solution undergoes iteration for several times, and the solution is given up if not improving;If some solution i is not successfully updated after iteration for several times, Initialization is re-started according to expression formula (9):
Xi=Xmin+rand(0,1)(Xmax-Xmin) (9)
In formula, Xmax、XminCoboundary and the lower boundary of domain are respectively indicated, rand (0,1) is indicated between 0 to 1 Random number;
Step S4. according to exported in step S3 optimal nectar source position vector setting neural network model initial weight and Threshold value;
Step S5. design back-propagation algorithm is simultaneously trained neural network with intrusion detection data, obtains nerve net Network IDS Framework;The back-propagation algorithm is a kind of method of general training neural network, by minimizing nerve The loss function of network, to adjust the weight and threshold value of neural network;Specifically comprise the following steps:
Step S5-1. designs back-propagation algorithm;Loss function of the squared error function as neural metwork training is selected, Simultaneously in order to avoid neural metwork training over-fitting, increase the quadratic sum of weight and threshold value in loss function, training process will It can be biased to smaller connection weight and threshold value, keep network output more smooth;
Stochastic gradient descent method is selected, weight and threshold value are adjusted with the negative gradient direction of loss function, iteration The value of loss function is reduced, and in order to improve the ability for jumping out local minimum in neural network training process, is calculating ladder It joined enchancement factor when spending, even if having fallen into local minimum point, calculated gradient may still be not zero, and have an opportunity to jump out office Portion's minimum continues searching;
Step S5-2. is using intrusion detection data as the training data of neural network, using back-propagation algorithm to nerve Network model is trained, and obtains neural network IDS Framework;
Step S6. examines network intrusions according to neural network IDS Framework planned network invader-inspecting software module Software module deployment real-time detection network traffic data in a network environment is surveyed, report is generated to the Abnormal network traffic detected It is alert;The network invasion monitoring software module specifically includes following module:
Attack warning module is the first layer of network invasion monitoring software, the variation of real time monitoring request stream, when request is flowed When reaching certain restriction threshold value, flow is forwarded to flow preprocessing module and carries out preliminary treatment;
Flow preprocessing module collects the network flow data packet received, carries out data prediction to data packet, concurrently Give neural network intrusion detection module;
Neural network intrusion detection module receives the data packet of flow preprocessing module forwarding, neural network intrusion detection mould Type detects data packet;
Attack-response module receives the testing result of neural network intrusion detection module, be Dos for testing result, 4 kinds of abnormal network data packets such as Probe, R2L, U2R, generate corresponding warning message.
The various detection method contrast tables of table 2
Intrusion detection BP neural network The BP neural network of ant colony algorithm optimization The present invention
Accuracy rate (%) 95.21 97.52 99.43
Missing rate (%) 1.32 0.61 0.31
Rate of false alarm (%) 3.45 1.95 0.62
Can be seen that intrusion detection method accuracy rate highest proposed by the invention from 2 testing result of table, up to 99% with On, the BP neural network intrusion detection method accuracy rate based on ant colony algorithm optimization then wants lower, and based on single BP nerve The intrusion detection method accuracy rate of network is worst.In general, the present invention is better than other two methods in function and performance.
The invention discloses the intrusion detection methods that a kind of fusion improves intelligent ant colony algorithm and BP neural network.Using changing Dependence of the BP neural network to initial parameter is avoided into intelligent ant colony algorithm, while accelerating the training of neural network, is improved The stability of algorithm.Network invasion monitoring software module is constructed, which is applied in intrusion detection, it is right Abnormal data flow is detected, and intrusion detection method of the present invention identification with higher and classification capacity are demonstrated.
It is discussed in detail although the contents of the present invention have passed through above preferred embodiment, but it should be appreciated that above-mentioned Description is not considered as limitation of the present invention.After those skilled in the art have read above content, for of the invention A variety of modifications and substitutions will be apparent from.Therefore, protection scope of the present invention should be limited to the appended claims.

Claims (1)

1. the intrusion detection method that a kind of fusion improves intelligent ant colony algorithm and BP neural network, which is characterized in that including as follows Step:
Step S1. collects network packet and is pre-processed, as IDS Framework training data;The pretreatment is specific Include the following steps:
Step S1-1. numeralization, for the character type feature in intrusion detection data, by being extended to unit vector come complete At numeralization;Assuming that this feature has k characteristic value, then k dimension unit vector is extended to;
It is uniformly mapped on [- 1,1] section by step S1-2. normalization, data bi-directional scaling;Calculation expression such as formula (1) shown in:
Wherein, x indicates initial data, xmaxIndicate the upper bound of initial data, xminIndicate that the lower bound of initial data, y indicate normalizing Data after change, ymaxIndicate the upper bound of data after normalizing, yminIndicate the lower bound of data after normalizing;
Step S2. designs multilayer neural network model, is that corresponding activation primitive is arranged in hidden layer and output layer neuron;It is described Multilayer neural network model is a kind of machine learning algorithm, is a kind of calculating mould of the structure and function of mimic biology neural network Type;Neural network is coupled by a large amount of artificial neuron to be calculated, and is a kind of Adaptable System;Specifically comprise the following steps:
The number of nodes of network layer is arranged in step S2-1., and the number of hidden layer and output layer neuron is arranged;
Step S2-2. establishes connection between neural network input layer, hidden layer and output layer, and corresponding weight and threshold value is arranged Parameter;
Step S2-3. is that corresponding activation primitive is arranged in hidden layer and output layer neuron, and neural network model is made to have classification Characteristic;
Step S3. carries out pre-training to neural network model using improved intelligent ant colony algorithm, exports optimal nectar source position Vector;The intelligent ant colony algorithm of the improvement is on the basis of classical artificial bee colony algorithm, in conjunction with depth-first search frame and two A search expression based on elite solution is formed;
The artificial bee colony algorithm is a kind of algorithm for simulating honeybee producting honey behavior, and role, which is divided into, to be employed bee, observation bee and detect Examine bee;Assuming that in D dimension space, population scale is 2 × N, employs bee number=observation bee number=N, nectar source with employ bee phase Corresponding, nectar source number is also N, and the position in i-th of nectar source is denoted as X={ X1,X2,X3,…,XN};The position in each nectar source represents excellent One candidate solution of change problem, the quality of the quantity reflection solution of nectar;
The depth-first search is a kind of to the greatest extent may be used for traversing tree or the algorithm of figure along the node of the extreme saturation tree of tree The branch of search tree that can be deep;Shown in search expression based on elite solution such as formula (2) and formula (3):
Vi,j=Xe,ji,j×(Xe,j-Xk,j) (2)
Wherein, i and k random selection in { 1,2 ... N }, j random selection, V from { 1,2 ..., D }i,jIt is i-th of candidate nectar source Jth dimension;Xe,jIt is the jth dimension of e-th of food source, Xk,jIt is the jth dimension of k-th of food source;φi,jBe section [- 1,1] with Machine real number;
Wherein, XeFor solution randomly selected from elite solution, XkFor solution randomly selected from current population;E is not equal to k, and k Not equal to i;XbestFor current optimal solution, φe,jIt is the random real number in section [- 1,1];
The intelligent ant colony algorithm of the improvement specifically comprises the following steps: the search process in nectar source
Step S3-1. employs bee to carry out neighborhood search to current nectar source, generates new nectar source, more excellent according to Greedy principle selection selection Nectar source;
Step S3-2. observes bee and selects a nectar source according to the information for employing bee to share, and neighborhood search is carried out, according to Greedy principle Select more excellent nectar source;
Step S3-3. employs bee to abandon nectar source, is changed into search bee, and the nectar source that random search is new;In search process, bee is observed According to the information for employing bee to share, a nectar source is selected according to following formula in a manner of roulette:
In formula, piIndicate the probability in i-th of nectar source of selection, fit is the fitness of food source, fiIndicate the target of problem to be solved Functional value;
It employs bee to carry out neighborhood search according to the position of food source in memory, its adaptation can be assessed when finding new food source Degree, employs bee to be scanned for according to expression formula (6):
Vij=Xij+Rij(Xij-Xhj) (6)
In formula, i ∈ { 1,2 ..., N }, j ∈ { 1,2 ..., m }, XhjIn h randomly select, RijIt is one between [- 1,1] A random number, VijIndicate neighborhood food source, XijIndicate current foodstuff source, XhjIndicate the food source randomly selected, each solution experience Iteration for several times gives up the solution if not improving;If some solution i is not successfully updated after iteration for several times, according to table Initialization is re-started up to formula (7):
Xi=Xmin+rand(0,1)(Xmax-Xmin) (7)
In formula, Xmax、XminCoboundary and the lower boundary of domain are respectively indicated, rand (0,1) indicates random between 0 to 1 Number;
The initial weight and threshold of neural network model are arranged according to the optimal nectar source position vector exported in step S3 by step S4. Value;
Step S5. design back-propagation algorithm is simultaneously trained neural network with intrusion detection data, obtains neural network and enters Invade detection model;The back-propagation algorithm is a kind of method of general training neural network, by minimizing neural network Loss function, to adjust the weight and threshold value of neural network;Specifically comprise the following steps:
Step S5-1. designs back-propagation algorithm;Loss function of the squared error function as neural metwork training is selected, simultaneously In order to avoid neural metwork training over-fitting, increase the quadratic sum of weight and threshold value in loss function, training process will be inclined To smaller connection weight and threshold value, keep network output more smooth;
Stochastic gradient descent method is selected, weight and threshold value are adjusted with the negative gradient direction of loss function, iteration reduces The value of loss function, and in order to improve the ability for jumping out local minimum in neural network training process, when calculating gradient It joined enchancement factor, even if having fallen into local minimum point, calculated gradient may still be not zero, and have an opportunity to jump out part most It is small to continue searching;
Step S5-2. is using intrusion detection data as the training data of neural network, using back-propagation algorithm to neural network Model is trained, and obtains neural network IDS Framework;
Step S6. is soft by network invasion monitoring according to neural network IDS Framework planned network invader-inspecting software module Part module disposes real-time detection network traffic data in a network environment, generates alarm to the Abnormal network traffic detected;Institute It states network invasion monitoring software module and specifically includes following module:
Attack warning module is the first layer of network invasion monitoring software, the variation of real time monitoring request stream, when request stream reaches When certain restriction threshold value, flow is forwarded to flow preprocessing module and carries out preliminary treatment;
Flow preprocessing module collects the network flow data packet received, carries out data prediction to data packet, and be sent to Neural network intrusion detection module;
Neural network intrusion detection module receives the data packet of flow preprocessing module forwarding, neural network IDS Framework pair Data packet is detected;
Attack-response module receives the testing result of neural network intrusion detection module, be Dos, Probe for testing result, 4 kinds of abnormal network data packets such as R2L, U2R, generate corresponding warning message.
CN201810874273.7A 2018-08-03 2018-08-03 A kind of fusion improves the intrusion detection method of intelligent ant colony algorithm and BP neural network Pending CN109120610A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810874273.7A CN109120610A (en) 2018-08-03 2018-08-03 A kind of fusion improves the intrusion detection method of intelligent ant colony algorithm and BP neural network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810874273.7A CN109120610A (en) 2018-08-03 2018-08-03 A kind of fusion improves the intrusion detection method of intelligent ant colony algorithm and BP neural network

Publications (1)

Publication Number Publication Date
CN109120610A true CN109120610A (en) 2019-01-01

Family

ID=64851982

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810874273.7A Pending CN109120610A (en) 2018-08-03 2018-08-03 A kind of fusion improves the intrusion detection method of intelligent ant colony algorithm and BP neural network

Country Status (1)

Country Link
CN (1) CN109120610A (en)

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109818798A (en) * 2019-02-19 2019-05-28 上海海事大学 A kind of wireless sensor network intruding detection system and method merging KPCA and ELM
CN109977972A (en) * 2019-03-29 2019-07-05 东北大学 A kind of intelligent characteristic recognition methods based on STEP
CN110082717A (en) * 2019-04-30 2019-08-02 上海海事大学 A kind of underwater wireless sensor node positioning method
CN110378430A (en) * 2019-07-23 2019-10-25 广东工业大学 A kind of method and system of the network invasion monitoring based on multi-model fusion
CN110719289A (en) * 2019-10-14 2020-01-21 北京理工大学 Industrial control network intrusion detection method based on multilayer feature fusion neural network
CN111027668A (en) * 2019-12-05 2020-04-17 深圳牛图科技有限公司 Neural network self-recommendation method based on greedy algorithm
CN111369074A (en) * 2020-03-31 2020-07-03 黑龙江大学 Corn yield prediction method based on artificial bee colony optimized BP neural network
CN111625816A (en) * 2020-04-21 2020-09-04 江西理工大学 Intrusion detection method and device
CN111860828A (en) * 2020-06-15 2020-10-30 北京仿真中心 Neural network training method, storage medium and equipment
CN111967506A (en) * 2020-07-31 2020-11-20 西安工程大学 Electroencephalogram signal classification method for optimizing BP neural network by artificial bee colony
CN112649642A (en) * 2020-12-14 2021-04-13 广东电网有限责任公司广州供电局 Electricity stealing position judging method, device, equipment and storage medium
CN112668688A (en) * 2020-12-30 2021-04-16 江西理工大学 Intrusion detection method, system, equipment and readable storage medium
CN113162914A (en) * 2021-03-16 2021-07-23 江西理工大学 Intrusion detection method and system based on Taylor neural network
CN113395276A (en) * 2021-06-10 2021-09-14 广东为辰信息科技有限公司 Network intrusion detection method based on self-encoder energy detection
CN113777000A (en) * 2021-10-09 2021-12-10 山东科技大学 Dust concentration detection method based on neural network
CN113965358A (en) * 2021-09-28 2022-01-21 石河子大学 Network security detection method and system for comprehensive energy system
CN114847196A (en) * 2022-05-31 2022-08-05 中国农业科学院农业信息研究所 Intelligent beehive and bee identification tracking counting system based on deep learning
CN115037553A (en) * 2022-07-07 2022-09-09 湖南工商大学 Information security monitoring model construction method and device, information security monitoring model application method and device, and storage medium
CN116208356A (en) * 2022-10-27 2023-06-02 浙江大学 Virtual currency mining flow detection method based on deep learning
CN116701884A (en) * 2023-08-03 2023-09-05 太行城乡建设集团有限公司 Highway engineering sewage quality prediction method based on ant colony-neural network algorithm

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101399672A (en) * 2008-10-17 2009-04-01 章毅 Intrusion detection method for fusion of multiple neutral networks
CN102710668A (en) * 2012-06-29 2012-10-03 上海海事大学 Data privacy guarantee method suitable for cloud storage
CN104484601A (en) * 2014-12-09 2015-04-01 中国科学院深圳先进技术研究院 Method and device for detecting intrusion on basis of weighted distance measurement and matrix decomposition
CN106330906A (en) * 2016-08-23 2017-01-11 上海海事大学 Method for detecting DDoS (Distributed Denial of Service) attack in big data environment
CN107292166A (en) * 2017-05-18 2017-10-24 广东工业大学 A kind of intrusion detection method based on CFA algorithms and BP neural network
CN108092989A (en) * 2017-12-28 2018-05-29 上海海事大学 A kind of ddos attack detection method based on intelligent ant colony algorithm

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101399672A (en) * 2008-10-17 2009-04-01 章毅 Intrusion detection method for fusion of multiple neutral networks
CN102710668A (en) * 2012-06-29 2012-10-03 上海海事大学 Data privacy guarantee method suitable for cloud storage
CN104484601A (en) * 2014-12-09 2015-04-01 中国科学院深圳先进技术研究院 Method and device for detecting intrusion on basis of weighted distance measurement and matrix decomposition
CN106330906A (en) * 2016-08-23 2017-01-11 上海海事大学 Method for detecting DDoS (Distributed Denial of Service) attack in big data environment
CN107292166A (en) * 2017-05-18 2017-10-24 广东工业大学 A kind of intrusion detection method based on CFA algorithms and BP neural network
CN108092989A (en) * 2017-12-28 2018-05-29 上海海事大学 A kind of ddos attack detection method based on intelligent ant colony algorithm

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
YANTAO ZHU,ET.AL: "《Structural Safety Monitoring of High Arch Dam Using Improved ABC-BP Model》", 《MATHEMATICAL PROBLEMS IN ENGINEERING》 *
杜振鑫等: "《一种遗传学习人工蜂群算法》", 《小型微型计算机系统》 *
杜振鑫等: "《基于全局无偏搜索策略的精英人工蜂群算法》", 《电子学报》 *
沈夏炯等: "《人工蜂群优化的BP神经网络在入侵检测中的应用》", 《计算机工程》 *
王龙: "《人工蜂群优化BP神经网络在入侵检测中的应用》", 《中国优秀硕士学位论文全文数据库 信息科技辑》 *

Cited By (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109818798A (en) * 2019-02-19 2019-05-28 上海海事大学 A kind of wireless sensor network intruding detection system and method merging KPCA and ELM
CN109977972B (en) * 2019-03-29 2023-02-07 东北大学 Intelligent feature identification method based on STEP
CN109977972A (en) * 2019-03-29 2019-07-05 东北大学 A kind of intelligent characteristic recognition methods based on STEP
CN110082717A (en) * 2019-04-30 2019-08-02 上海海事大学 A kind of underwater wireless sensor node positioning method
CN110378430A (en) * 2019-07-23 2019-10-25 广东工业大学 A kind of method and system of the network invasion monitoring based on multi-model fusion
CN110378430B (en) * 2019-07-23 2023-07-25 广东工业大学 Network intrusion detection method and system based on multi-model fusion
CN110719289A (en) * 2019-10-14 2020-01-21 北京理工大学 Industrial control network intrusion detection method based on multilayer feature fusion neural network
CN111027668A (en) * 2019-12-05 2020-04-17 深圳牛图科技有限公司 Neural network self-recommendation method based on greedy algorithm
CN111027668B (en) * 2019-12-05 2023-04-07 深圳牛图科技有限公司 Neural network self-recommendation method based on greedy algorithm
CN111369074A (en) * 2020-03-31 2020-07-03 黑龙江大学 Corn yield prediction method based on artificial bee colony optimized BP neural network
CN111625816A (en) * 2020-04-21 2020-09-04 江西理工大学 Intrusion detection method and device
CN111860828B (en) * 2020-06-15 2023-11-28 北京仿真中心 Neural network training method, storage medium and equipment
CN111860828A (en) * 2020-06-15 2020-10-30 北京仿真中心 Neural network training method, storage medium and equipment
CN111967506A (en) * 2020-07-31 2020-11-20 西安工程大学 Electroencephalogram signal classification method for optimizing BP neural network by artificial bee colony
CN112649642A (en) * 2020-12-14 2021-04-13 广东电网有限责任公司广州供电局 Electricity stealing position judging method, device, equipment and storage medium
CN112668688A (en) * 2020-12-30 2021-04-16 江西理工大学 Intrusion detection method, system, equipment and readable storage medium
CN113162914A (en) * 2021-03-16 2021-07-23 江西理工大学 Intrusion detection method and system based on Taylor neural network
CN113162914B (en) * 2021-03-16 2022-04-01 江西理工大学 Intrusion detection method and system based on Taylor neural network
CN113395276A (en) * 2021-06-10 2021-09-14 广东为辰信息科技有限公司 Network intrusion detection method based on self-encoder energy detection
CN113395276B (en) * 2021-06-10 2022-07-26 广东为辰信息科技有限公司 Network intrusion detection method based on self-encoder energy detection
CN113965358A (en) * 2021-09-28 2022-01-21 石河子大学 Network security detection method and system for comprehensive energy system
CN113777000A (en) * 2021-10-09 2021-12-10 山东科技大学 Dust concentration detection method based on neural network
CN113777000B (en) * 2021-10-09 2024-04-12 山东科技大学 Dust concentration detection method based on neural network
CN114847196B (en) * 2022-05-31 2022-11-01 中国农业科学院农业信息研究所 Intelligent beehive and bee identification tracking counting system based on deep learning
CN114847196A (en) * 2022-05-31 2022-08-05 中国农业科学院农业信息研究所 Intelligent beehive and bee identification tracking counting system based on deep learning
CN115037553A (en) * 2022-07-07 2022-09-09 湖南工商大学 Information security monitoring model construction method and device, information security monitoring model application method and device, and storage medium
CN116208356B (en) * 2022-10-27 2023-09-29 浙江大学 Virtual currency mining flow detection method based on deep learning
CN116208356A (en) * 2022-10-27 2023-06-02 浙江大学 Virtual currency mining flow detection method based on deep learning
CN116701884B (en) * 2023-08-03 2023-10-27 太行城乡建设集团有限公司 Highway engineering sewage quality prediction method based on ant colony-neural network algorithm
CN116701884A (en) * 2023-08-03 2023-09-05 太行城乡建设集团有限公司 Highway engineering sewage quality prediction method based on ant colony-neural network algorithm

Similar Documents

Publication Publication Date Title
CN109120610A (en) A kind of fusion improves the intrusion detection method of intelligent ant colony algorithm and BP neural network
Alazzam et al. A feature selection algorithm for intrusion detection system based on pigeon inspired optimizer
Al-Zewairi et al. Experimental evaluation of a multi-layer feed-forward artificial neural network classifier for network intrusion detection system
Zhong et al. HELAD: A novel network anomaly detection model based on heterogeneous ensemble learning
Hosseini et al. New hybrid method for attack detection using combination of evolutionary algorithms, SVM, and ANN
Mishra et al. Swarm intelligence in anomaly detection systems: an overview
Ghanem et al. An efficient intrusion detection model based on hybridization of artificial bee colony and dragonfly algorithms for training multilayer perceptrons
Ghanem et al. Training a neural network for cyberattack classification applications using hybridization of an artificial bee colony and monarch butterfly optimization
CN107846392A (en) A kind of intrusion detection algorithm based on improvement coorinated training ADBN
Lu et al. Intrusion detection of wireless sensor networks based on IPSO algorithm and BP neural network
Masarat et al. A novel framework, based on fuzzy ensemble of classifiers for intrusion detection systems
Beitollahi et al. Application layer DDoS attack detection using cuckoo search algorithm-trained radial basis function
Makkar et al. PROTECTOR: An optimized deep learning-based framework for image spam detection and prevention
Qiu et al. An adaptive social spammer detection model with semi-supervised broad learning
Dixit et al. Comparing and analyzing applications of intelligent techniques in cyberattack detection
Xiao et al. Network security situation prediction method based on MEA-BP
Ghaleb et al. Training neural networks by enhance grasshopper optimization algorithm for spam detection system
Qian et al. Intrusion detection based on neural networks and artificial bee colony algorithm
Wang et al. Network intrusion detection method based on improved CNN in Internet of Things environment
Manasa et al. Tweet Spam Detection Using Machine Learning and Swarm Optimization Techniques
Duan et al. Design of intrusion detection system based on improved ABC_elite and BP neural networks
CN116916317A (en) Invasion detection method based on white shark and random forest
CN115422995A (en) Intrusion detection method for improving social network and neural network
Moukhafi et al. Artificial neural network optimized by genetic algorithm for intrusion detection system
Zhao et al. A Situation Awareness Approach for Network Security Using the Fusion Model

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20190101