CN116738415A - Particle swarm optimization weighted naive Bayesian intrusion detection method and device - Google Patents


Info

Publication number
CN116738415A
Authority
CN
China
Prior art keywords
intrusion detection
data
classifier
weighted naive
feature
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311000721.8A
Other languages
Chinese (zh)
Inventor
刘瑞景
罗远哲
李雪茹
薛瑞亭
徐盼云
吕雪萍
王明玉
陈思杰
林文强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing China Super Industry Information Security Technology Ltd By Share Ltd
Original Assignee
Beijing China Super Industry Information Security Technology Ltd By Share Ltd
Application filed by Beijing China Super Industry Information Security Technology Ltd By Share Ltd filed Critical Beijing China Super Industry Information Security Technology Ltd By Share Ltd
Priority to CN202311000721.8A priority Critical patent/CN116738415A/en
Publication of CN116738415A publication Critical patent/CN116738415A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/21 Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/213 Feature extraction, e.g. by transforming the feature space; Summarisation; Mappings, e.g. subspace methods
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/24 Classification techniques
    • G06F18/241 Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
    • G06F18/2415 Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on parametric or probabilistic models, e.g. based on likelihood ratio or false acceptance rate versus a false rejection rate
    • G06F18/24155 Bayesian classification
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/004 Artificial life, i.e. computing arrangements simulating life
    • G06N3/006 Artificial life, i.e. computing arrangements simulating life based on simulated virtual individual or collective life forms, e.g. social simulations or particle swarm optimisation [PSO]


Abstract

The application discloses a particle swarm optimization weighted naive Bayesian intrusion detection method and device, belonging to the technical field of computer network security. The method comprises the following steps: collecting original data for intrusion detection; preprocessing the original data; extracting features from the preprocessed original data and refining the feature attributes (discarding the coarse and keeping the fine) to obtain the required data set; optimizing the weights of the weighted naive Bayes with a particle swarm optimization algorithm and constructing a weighted naive Bayes classifier; training the weighted naive Bayes classifier with the data set to obtain an optimized weighted naive Bayes classifier; and performing intrusion detection with the optimized weighted naive Bayesian classifier and storing the detection results. The method combines the advantages of the particle swarm algorithm and the weighted naive Bayes algorithm, and solves the feature redundancy problem of the traditional naive Bayes algorithm and the problem of its strong independence assumption among features; high-dimensional complex intrusion behavior can be effectively detected.

Description

Particle swarm optimization weighted naive Bayesian intrusion detection method and device
Technical Field
The application relates to a particle swarm optimization-based weighted naive Bayesian intrusion detection method and device, belonging to the technical field of computer network security.
Background
In recent years, computer network security has become a concern in many areas of the economy, science, technology, education, and business. In order to protect the security of such information, research into computer network security must be strengthened. In modern networks, the penetration of wireless networks has become a persistent process. Thus, host-based intrusion detection systems are one of the most effective ways to deal with attackers who bypass the network perimeter.
Intrusion detection is a security technique whose primary purposes include identifying intruders, identifying intrusion behavior, detecting and monitoring successful security breaches, and providing important information for timely response measures. Host intrusion detection is an intrusion detection technology that can prevent further attacks through after-the-fact analysis, and has the advantages of cost-effective detection, a focused detection view, ease of tailoring by the user, and no need for an additional hardware platform.
The naive Bayesian algorithm is a host intrusion detection algorithm based on Bayes' theorem. It detects whether there is an attack on the network and the identity of the attacker by analyzing the network traffic characteristics. The algorithm is based on probability statistics and can analyze the detection result quantitatively, which improves the accuracy and reliability of network security detection. Host intrusion detection is an important problem in the field of computer network security, and the naive Bayesian algorithm, as an effective detection method, is widely used in practice. Although the naive Bayes algorithm has strong inference capability, stable classification efficiency, and a smaller error rate than other algorithms, it also has significant defects, such as the feature redundancy problem and the feature independence problem. Therefore, the application designs a particle swarm optimization weighted naive Bayesian intrusion detection method for this situation.
Disclosure of Invention
In order to solve the problems, the application provides a particle swarm optimization weighted naive Bayesian intrusion detection method and device, which can solve the problem of redundancy of characteristic items of a traditional naive Bayesian algorithm, can optimize the problem of strong independence among the characteristic items, improve the intrusion detection efficiency and accuracy, and effectively intercept intrusion behaviors.
The technical scheme adopted for solving the technical problems is as follows:
in a first aspect, an embodiment of the present application provides a particle swarm optimization weighted naive bayes intrusion detection method, including the following steps:
collecting original data for intrusion detection;
preprocessing the original data;
extracting features from the preprocessed original data, and refining the feature attributes (discarding the coarse and keeping the fine) to obtain the required data set;
optimizing the weight of the weighted naive Bayes by adopting a particle swarm optimization algorithm, and constructing a weighted naive Bayes classifier;
training the weighted naive Bayes classifier by utilizing the data set to obtain an optimized weighted naive Bayes classifier;
and performing intrusion detection by using an optimized weighted naive Bayesian classifier, and storing detection results.
As one possible implementation manner of this embodiment, the raw data includes: user input information, network traffic, and database access logs.
As a possible implementation manner of this embodiment, the preprocessing the raw data includes:
cleaning and de-duplication processing are carried out on the original data, and cleaning the original data comprises filling the data value of the gap, eliminating noise data and correcting inconsistent data;
the original data is subjected to standardization processing: the symbolic attribute of the data is encoded, converting the symbolic attribute into a numeric attribute.
As a possible implementation manner of this embodiment, when feature extraction is performed on the preprocessed raw data, the feature extraction methods include filtering features, hash features, tree features and support vector machine features.
As a possible implementation manner of this embodiment, after the preprocessing, the feature extraction process is performed on the raw data, where the extracted features include the user IP address, the historical login time, and the visited URL.
As a possible implementation manner of this embodiment, the optimizing the weights of the weighted naive bayes by using a particle swarm optimization algorithm, and constructing a weighted naive bayes classifier includes:
step 1: initializing a particle swarm, wherein the particle swarm comprises a particle number m, a maximum iteration number T and a learning factor,/>Maximum and minimum value of inertial weight +.>,/>And the speed range of the particles [ ]>];
Step 2: calculating posterior probability according to a Bayesian formula, classifying samples, calculating fitness value of each particle, setting initial optimal value of the particle as current fitness value, and comparing the initial optimal value to calculate overall optimal value, wherein the Bayesian formula is as follows:
(1)
wherein ,for n-dimensional attribute vector->For the collection of classes i=1, 2,..m ∈>Is a priori probability;
the formula for classifying the samples is:
(2)
wherein ,is attribute variable +>Weights of (2);
step 3: calculating the individual optimal position and the global optimal position of the particles, and updating the individual extremumAnd global extremum->
Step 4: the inertial weights ω are updated using:
(3)
wherein T is the maximum iteration number, and t is the current iteration number;
updating learning factors using、/>
(4)
wherein ,
step 5: the velocity and position of the particles are updated using:
(5)
(6)
wherein ,for particle self-learning experience, < >>The method is a particle society learning experience; k is the iteration number; w is inertial weight; />Velocity vector of the d-th dimension in the kth iteration for particle i +.>A position vector of the particle i in the d-th dimension in the k-th iteration; />The position of the particle i in the d dimension in the kth iteration; />The position of the d dimension in the kth iteration for the population;
step 6: if the current iteration number t < T, repeating steps 2 to 5; if t > T, a classifier is constructed using the global extremum.
As a possible implementation manner of this embodiment, the particle swarm optimization-based weighted naive bayes intrusion detection method further includes the following steps:
when intrusion detection with the optimized weighted naive Bayesian classifier finds an abnormal intrusion, new alarm information is generated.
In a second aspect, an embodiment of the present application provides a particle swarm optimization weighted naive bayes intrusion detection device, including:
the data acquisition module is used for acquiring original data for intrusion detection;
the data preprocessing module is used for preprocessing the original data;
the feature extraction module is used for extracting features from the preprocessed original data and refining the feature attributes (discarding the coarse and keeping the fine) to obtain the required data set;
the classifier construction module is used for optimizing the weight of the weighted naive Bayes by adopting a particle swarm optimization algorithm to construct a weighted naive Bayes classifier;
the classifier training module is used for training the weighted naive Bayes classifier by utilizing the data set to obtain an optimized weighted naive Bayes classifier;
and the intrusion detection module is used for performing intrusion detection by using the optimized weighted naive Bayesian classifier and storing detection results.
As a possible implementation manner of this embodiment, the particle swarm optimization-based weighted naive bayes intrusion detection device further includes:
the abnormal intrusion alarm module is used for finding abnormal intrusion and generating new alarm information when the intrusion detection is carried out by using the optimized weighted naive Bayesian classifier.
In a third aspect, an embodiment of the present application provides a particle swarm optimization weighted naive bayes intrusion detection method, including the following steps:
collecting original data for intrusion detection, and cleaning and removing noise;
carrying out data deduplication, data normalization and feature standardization preprocessing on the original data;
extracting features of the preprocessed original data by adopting a filtering feature, a hash feature, a tree feature or a support vector machine feature method to obtain a required data set;
reducing a sample attribute feature set in the data set by using a rough set theory, and performing dimension reduction treatment on the feature;
optimizing the attribute weight of the weighted naive Bayesian algorithm by using a particle swarm algorithm to obtain an optimal solution of the attribute weight;
constructing a Bayesian classifier by using the optimal solution;
and performing intrusion detection by using a Bayesian classifier, and storing detection results.
In a fourth aspect, an embodiment of the present application provides a particle swarm optimization weighted naive bayes intrusion detection device, including:
the data acquisition module is used for acquiring original data for intrusion detection, and cleaning and noise removal processing are carried out;
the data preprocessing module is used for carrying out data deduplication, data normalization and characteristic standardization preprocessing on the original data;
the feature extraction module is used for carrying out feature extraction on the preprocessed original data by adopting a filtering feature, a hash feature, a tree feature or a support vector machine feature method to obtain a required data set;
the feature dimension reduction processing module is used for reducing a sample attribute feature set in the data set by using a rough set theory and carrying out dimension reduction processing on the feature;
the algorithm optimization module is used for optimizing the attribute weight of the weighted naive Bayesian algorithm by utilizing the particle swarm algorithm so as to obtain an optimal solution of the attribute weight;
the classifier construction module is used for constructing a Bayesian classifier by using the optimal solution;
and the intrusion detection module is used for performing intrusion detection by using a Bayesian classifier and storing detection results.
The technical scheme of the embodiment of the application has the following beneficial effects:
The particle swarm optimization weighted naive Bayesian intrusion detection method of the technical scheme of the embodiment of the application comprises the following steps: collecting original data for intrusion detection; preprocessing the original data; extracting features from the preprocessed original data and refining the feature attributes (discarding the coarse and keeping the fine) to obtain the required data set; optimizing the weights of the weighted naive Bayes with a particle swarm optimization algorithm and constructing a weighted naive Bayes classifier; training the weighted naive Bayes classifier with the data set to obtain an optimized weighted naive Bayes classifier; and performing intrusion detection with the optimized weighted naive Bayesian classifier and storing the detection results. The method uses the particle swarm optimization algorithm to optimize the weights of the weighted naive Bayes, and then uses the particle swarm optimized weighted naive Bayes algorithm (PSO-WNB) to train the classifier and obtain a more efficient classifier. This solves the problem that the conventional naive Bayes algorithm detects complex intrusion behaviors inefficiently because of feature redundancy and the mutual independence of features, improves intrusion detection efficiency and accuracy, and effectively intercepts intrusion behaviors. In the data preprocessing process, the data are cleaned and de-duplicated, so that repeated information in the data does not influence the model; and the data are standardized, so that the differences between features are more pronounced and the accuracy of the classifier is improved.
The method combines the advantages of the particle swarm algorithm and the weighted naive Bayes algorithm, and solves the problem of redundancy of characteristic items and the problem of strong independence among the characteristic items of the traditional naive Bayes algorithm; experiments prove that the classifier has higher detection rate and robustness, and can effectively detect high-dimensional complex intrusion behaviors.
Another particle swarm optimization weighted naive bayes intrusion detection method based on the technical scheme of the embodiment of the application comprises the following steps: collecting original data for intrusion detection, and cleaning and removing noise; carrying out data deduplication, data normalization and feature standardization pretreatment on the original data; extracting features of the preprocessed original data by adopting a filtering feature, a hash feature, a tree feature or a support vector machine feature method to obtain a required data set; reducing a sample attribute feature set in the data set by using a rough set theory, and performing dimension reduction treatment on the feature; optimizing the attribute weight of the weighted naive Bayesian algorithm by using a particle swarm algorithm to obtain an optimal solution of the attribute weight; constructing a Bayesian classifier by using the optimal solution; and performing intrusion detection by using a Bayesian classifier, and storing detection results. 
The application carries out data de-duplication, data normalization and feature standardization preprocessing on the original data, so that the weights among the features are consistent and the robustness of the classifier is improved. Features are extracted from the preprocessed original data by a filtering feature, hash feature, tree feature or support vector machine feature method, so that information that is significant for intrusion detection is extracted from the original data. The improved particle swarm algorithm updates the speed and position formulas by a weighing factor method, so that local optima are avoided and the accuracy and robustness of the classifier are improved. The method combines the advantages of the particle swarm algorithm and the weighted naive Bayes algorithm, and solves the feature redundancy problem of the traditional naive Bayes algorithm and the problem of its strong independence assumption among features; experiments prove that the classifier has a higher detection rate and robustness, and can effectively detect high-dimensional complex intrusion behaviors.
Drawings
FIG. 1 is a flow chart illustrating a particle swarm optimization-based weighted naive Bayesian intrusion detection method in accordance with an exemplary embodiment;
FIG. 2 is a flowchart illustrating a method for optimizing weights of weighted naive Bayes using a particle swarm optimization algorithm, according to an example embodiment;
FIG. 3 is a schematic diagram of a particle swarm optimization-based weighted naive Bayesian intrusion detection apparatus, according to an example embodiment;
FIG. 4 is a flow chart illustrating another particle swarm optimization-based weighted naive Bayesian intrusion detection method in accordance with an exemplary embodiment;
FIG. 5 is a schematic diagram of another particle swarm optimization-based weighted naive Bayesian intrusion detection device according to an example embodiment.
Detailed Description
The application is further illustrated by the following examples in conjunction with the accompanying drawings:
in order to clearly illustrate the technical features of the present solution, the present application will be described in detail below with reference to the following detailed description and the accompanying drawings. The following disclosure provides many different embodiments, or examples, for implementing different structures of the application. In order to simplify the present disclosure, components and arrangements of specific examples are described below. Furthermore, the present application may repeat reference numerals and/or letters in the various examples. This repetition is for the purpose of simplicity and clarity and does not in itself dictate a relationship between the various embodiments and/or configurations discussed. It should be noted that the components illustrated in the figures are not necessarily drawn to scale. Descriptions of well-known components and processing techniques and processes are omitted so as to not unnecessarily obscure the present application.
Example 1
As shown in fig. 1, an embodiment of the present application provides a particle swarm optimization weighted naive bayes intrusion detection method, which includes the following steps:
collecting original data for intrusion detection;
preprocessing the original data;
extracting features from the preprocessed original data, and refining the feature attributes (discarding the coarse and keeping the fine) to obtain the required data set;
optimizing the weight of the weighted naive Bayes by adopting a particle swarm optimization algorithm, and constructing a weighted naive Bayes classifier;
training the weighted naive Bayes classifier by utilizing the data set to obtain an optimized weighted naive Bayes classifier;
and performing intrusion detection by using an optimized weighted naive Bayesian classifier, and storing detection results.
As one possible implementation manner of this embodiment, the raw data includes: user input information, network traffic, and database access logs.
As a possible implementation manner of this embodiment, the preprocessing the raw data includes:
cleaning and de-duplication processing are carried out on the original data, and cleaning the original data comprises filling the data value of the gap, eliminating noise data and correcting inconsistent data;
the original data is subjected to standardization processing: the symbolic attribute of the data is encoded, converting the symbolic attribute into a numeric attribute.
In the data preprocessing process, cleaning and de-duplication processing are carried out on the data, so that the influence of repeated information in the data on a model is avoided; and the data is subjected to standardized processing, so that the difference between the features is more obvious, and the accuracy of the classifier is improved.
As a possible implementation manner of this embodiment, when feature extraction is performed on the preprocessed raw data, the feature extraction methods include filtering features, hash features, tree features and support vector machine features.
As a possible implementation manner of this embodiment, after the preprocessing, the feature extraction process is performed on the raw data, where the extracted features include the user IP address, the historical login time, and the visited URL. These features can help the bayesian algorithm to better understand the meaning of the data, thereby improving the accuracy of the classifier.
As a possible implementation manner of this embodiment, as shown in fig. 2, the optimizing the weights of the weighted naive bayes by using the particle swarm optimization algorithm, and constructing a weighted naive bayes classifier includes:
step 1: initializing a particle swarm comprising a particle number m (i.e. particle swarm size), a maximum iteration number T, a learning factor,/>Maximum and minimum value of inertial weight +.>,/>And the speed range of the particles [ ]>];
Step 2: calculating posterior probability according to a Bayesian formula, classifying samples, calculating fitness value of each particle, setting initial optimal value of the particle as current fitness value, and comparing the initial optimal value to calculate overall optimal value, wherein the Bayesian formula is as follows:
(1)
wherein the n-dimensional attribute vectorRepresenting n attribute variables +.>Is used for the measurement of (a),is a class set, which takes the value +.>(here->Not learning factors described later), +.>Is a priori probability;
the formula for classifying the samples is:
(2)
wherein ,is attribute variable +>Weights of (2); i is particle number, i=1, 2,..m;
step 3: calculating the individual optimal position and the global optimal position of the particles, and updating the individual extremumAnd global extremum->The optimal position (individual optimal solution) searched for the ith particle; />The best position searched for the population (population optimal solution);
step 4: the inertial weights ω are updated using:
(3)
wherein T is the maximum iteration number, and t is the current iteration number;
updating learning factors using、/>
(4)
wherein ,;/>learning factors for an individual; />Is a group learning factor;
step 5: the velocity and position of the particles are updated using:
(5)
(6)
wherein ,for particle self-learning experience, < >>Is the learning experience of particle society, r1, r2 are interval [0 1 ]]Random numbers in the search module, so that the randomness of the search is increased; />The position of the particle i in the d dimension in the kth iteration; />The position of the d dimension in the kth iteration for the population; d is the particle dimension; k is the iteration number; w is inertial weight; />A velocity vector (distance and direction of particle movement) of the d-th dimension in the kth iteration for particle i; />A position vector of the particle i in the d-th dimension in the k-th iteration;
step 6: if the current iteration number t < T, repeating steps 2 to 5; if t > T, a classifier is constructed using the global extremum.
Learning factorIndicating that the next action of the particles is derived from the weight occupied by the self-inspected part, and accelerating the particles to the optimal position of the individual; learning factor->Indicating that the next action of the particle is derived from the weights occupied by the empirical portion of the other particles, and the acceleration weights that push the particle toward the optimal position of the population.
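Steps 1 to 6 above, as an added Python illustration that is not code from the patent: a particle swarm searches for attribute weights of a weighted naive Bayes classifier, with classification accuracy as the fitness value. Because formulas (1) to (6) are not reproduced on this page, the sketch assumes the standard forms (weighted decision rule argmax P(c)·∏P(a_k|c)^w_k, linearly decreasing inertia weight, linearly time-varying learning factors, and the usual velocity and position update); the data set, function names and parameter values are constructed for the example.

```python
import math
import random

def make_dataset():
    """Constructed sample (not real traffic): label 1 = intrusion, 0 = normal.
    Feature 0 agrees with the label in 90% of rows; features 1-3 are three
    identical copies of one weaker feature that agrees in only 70%."""
    rows = []
    for y in (0, 1):
        # (feature 0 agrees, weak feature agrees, row count) per 100 rows of a class
        for a_ok, b_ok, n in ((1, 1, 63), (1, 0, 27), (0, 1, 7), (0, 0, 3)):
            a = y if a_ok else 1 - y
            b = y if b_ok else 1 - y
            rows += [((a, b, b, b), y)] * n
    return rows

def train_nb(rows, n_values=2):
    """Estimate log P(c) and log P(feature k = v | c) with Laplace smoothing."""
    classes = sorted({y for _, y in rows})
    n_feat = len(rows[0][0])
    log_prior, log_like = {}, {}
    for c in classes:
        xs = [x for x, y in rows if y == c]
        log_prior[c] = math.log(len(xs) / len(rows))
        log_like[c] = [[math.log((sum(1 for x in xs if x[k] == v) + 1)
                                 / (len(xs) + n_values))
                        for v in range(n_values)] for k in range(n_feat)]
    return log_prior, log_like

def classify(model, weights, x):
    """Weighted naive Bayes: argmax_c log P(c) + sum_k w_k * log P(x_k | c)."""
    log_prior, log_like = model
    return max(log_prior, key=lambda c: log_prior[c] + sum(
        w * log_like[c][k][v] for k, (w, v) in enumerate(zip(weights, x))))

def accuracy(model, weights, rows):
    """Fitness value of one particle: fraction of rows classified correctly."""
    return sum(classify(model, weights, x) == y for x, y in rows) / len(rows)

def pso_weights(model, rows, m=20, T=30, w_max=0.9, w_min=0.4,
                c_hi=2.5, c_lo=0.5, v_max=0.3, seed=7):
    """Search attribute weights in [0, 1]; parameter values are assumptions."""
    rng = random.Random(seed)
    d = len(rows[0][0])
    # Step 1. Particle 0 starts at all-ones weights (plain naive Bayes), so the
    # result can never score below the unweighted baseline on the fitness set.
    pos = [[1.0] * d] + [[rng.random() for _ in range(d)] for _ in range(m - 1)]
    vel = [[rng.uniform(-v_max, v_max) for _ in range(d)] for _ in range(m)]
    pbest = [p[:] for p in pos]
    pfit = [accuracy(model, p, rows) for p in pos]            # step 2
    g = max(range(m), key=pfit.__getitem__)                   # step 3
    gbest, gfit = pbest[g][:], pfit[g]
    for t in range(1, T + 1):                                 # step 6 loop
        w = w_max - (w_max - w_min) * t / T                   # step 4: inertia weight
        c1 = c_hi - (c_hi - c_lo) * t / T                     # individual factor shrinks
        c2 = c_lo + (c_hi - c_lo) * t / T                     # group factor grows
        for i in range(m):
            for k in range(d):                                # step 5
                r1, r2 = rng.random(), rng.random()
                v = (w * vel[i][k] + c1 * r1 * (pbest[i][k] - pos[i][k])
                     + c2 * r2 * (gbest[k] - pos[i][k]))
                vel[i][k] = max(-v_max, min(v_max, v))        # clamp to speed range
                pos[i][k] = max(0.0, min(1.0, pos[i][k] + vel[i][k]))
            fit = accuracy(model, pos[i], rows)
            if fit > pfit[i]:                                 # update individual extremum
                pbest[i], pfit[i] = pos[i][:], fit
                if fit > gfit:                                # update global extremum
                    gbest, gfit = pos[i][:], fit
    return gbest, gfit

def demo():
    """Return (plain naive Bayes accuracy, PSO-weighted accuracy, weights)."""
    rows = make_dataset()
    model = train_nb(rows)
    baseline = accuracy(model, [1.0] * len(rows[0][0]), rows)
    weights, tuned = pso_weights(model, rows)
    return baseline, tuned, weights

if __name__ == "__main__":
    baseline, tuned, weights = demo()
    print(f"plain NB accuracy  : {baseline:.2f}")
    print(f"PSO-WNB accuracy   : {tuned:.2f}")
    print("attribute weights  :", [round(w, 2) for w in weights])
```

For brevity the fitness is measured on the same constructed rows used to estimate the probabilities; scoring particles on a held-out split keeps the weights from fitting quirks of the training data.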
As a possible implementation manner of this embodiment, the particle swarm optimization-based weighted naive bayes intrusion detection method further includes the following steps:
when intrusion detection with the optimized weighted naive Bayesian classifier finds an abnormal intrusion, new alarm information is generated.
As shown in fig. 3, corresponding to the above method, an embodiment of the present application further provides a particle swarm optimization weighted naive Bayesian intrusion detection device, which includes:
the data acquisition module is used for acquiring original data for intrusion detection;
the data preprocessing module is used for preprocessing the original data;
the feature extraction module is used for extracting features from the preprocessed original data and refining the feature attributes (discarding the coarse and keeping the fine) to obtain the required data set;
the classifier construction module is used for optimizing the weight of the weighted naive Bayes by adopting a particle swarm optimization algorithm to construct a weighted naive Bayes classifier;
the classifier training module is used for training the weighted naive Bayes classifier by utilizing the data set to obtain an optimized weighted naive Bayes classifier;
and the intrusion detection module is used for performing intrusion detection by using the optimized weighted naive Bayesian classifier and storing detection results.
As a possible implementation manner of this embodiment, the particle swarm optimization-based weighted naive bayes intrusion detection device further includes:
the abnormal intrusion alarm module is used for finding abnormal intrusion and generating new alarm information when the intrusion detection is carried out by using the optimized weighted naive Bayesian classifier.
In the embodiment 1, the particle swarm optimization algorithm is used for optimizing the weight of the weighted naive Bayes, then the particle swarm optimized weighted naive Bayes algorithm (PSO-WNB) is used for training the classifier to obtain the classifier with higher efficiency, so that the problem of low detection efficiency of high-dimensional complex intrusion behaviors caused by the redundancy problem of the characteristic items of the traditional naive Bayes algorithm and the mutual independence between the characteristic items is rapidly and accurately solved, the intrusion detection efficiency and accuracy are improved, and the intrusion behaviors are effectively intercepted. In the data preprocessing process, the data are cleaned and subjected to de-duplication processing, so that the influence of repeated information in the data on the model is avoided; and the data is subjected to standardized processing, so that the difference between the features is more obvious, and the accuracy of the classifier is improved. The method combines the advantages of the particle swarm algorithm and the weighted naive Bayes algorithm, and solves the problem of redundancy of characteristic items and the problem of strong independence among the characteristic items of the traditional naive Bayes algorithm; experiments prove that the classifier has higher detection rate and robustness, and can effectively detect high-dimensional complex intrusion behaviors.
Example 2
As shown in fig. 4, an embodiment of the present application provides a particle swarm optimization weighted naive bayes intrusion detection method, which includes the following steps:
collecting original data for intrusion detection, and cleaning and removing noise;
carrying out data deduplication, data normalization and feature standardization pretreatment on the original data;
extracting features of the preprocessed original data by adopting a filtering feature, a hash feature, a tree feature or a support vector machine feature method to obtain a required data set;
reducing a sample attribute feature set in the data set by using a rough set theory, and performing dimension reduction treatment on the feature;
optimizing the attribute weight of the weighted naive Bayesian algorithm by using a particle swarm algorithm to obtain an optimal solution of the attribute weight;
constructing a Bayesian classifier by using the optimal solution;
and performing intrusion detection by using a Bayesian classifier, and storing detection results.
Performing data deduplication, data normalization and feature standardization preprocessing on the original data makes the weights among features consistent and improves the robustness of the classifier; extracting features from the preprocessed original data with a filtering feature, hash feature, tree feature or support vector machine feature method extracts the information that is significant for intrusion detection from the original data; the improved particle swarm algorithm updates the speed and position formulas using a weighing factor method, thereby avoiding local optima and improving the accuracy and robustness of the classifier.
As one possible implementation manner of this embodiment, the raw data includes: user input information, network traffic, and database access logs.
As a possible implementation manner of this embodiment, after the preprocessing, the feature extraction process is performed on the raw data, where the extracted features include the user IP address, the historical login time, and the visited URL.
As a possible implementation manner of this embodiment, as shown in fig. 2, the optimizing the weights of the weighted naive bayes by using the particle swarm optimization algorithm, and constructing a weighted naive bayes classifier includes:
step 1: initializing a particle swarm, including the particle number m (i.e. particle swarm size), the maximum iteration number T, the learning factors, the maximum and minimum values of the inertial weight, and the speed range of the particles;
Step 2: calculating posterior probability according to a Bayesian formula, classifying samples, calculating fitness value of each particle, setting initial optimal value of the particle as current fitness value, and comparing the initial optimal value to calculate overall optimal value, wherein the Bayesian formula is as follows:
(1)
wherein the n-dimensional attribute vectorRepresenting n attribute variables +.>Is used for the measurement of (a),is a class set, which takes the value +.>(here->Not learning factors described later), +.>Is a priori probability;
the formula for classifying the samples is:
(2)
wherein ,is attribute variable +>Weights of (2); i is particle number, i=1, 2,..m;
step 3: calculating the individual optimal position and the global optimal position of the particles, and updating the individual extremum and the global extremum; the individual extremum is the optimal position searched by the i-th particle (individual optimal solution); the global extremum is the best position searched by the population (population optimal solution);
step 4: the inertial weights ω are updated using:
(3)
wherein T is the maximum iteration number, and t is the current iteration number;
updating the learning factors using:
(4)
wherein ,;/>learning factors for an individual; />Learning factors for a population;
Step 5: the velocity and position of the particles are updated using:
(5)
(6)
wherein ,for particle self-learning experience, < >>Is the learning experience of particle society, r1, r2 are random numbers in the interval [0, 1], which increases the randomness of the search; />The position of the particle i in the d dimension in the kth iteration; />The position of the d dimension in the kth iteration for the population; d is the particle dimension; k is the iteration number; w is inertial weight; />A velocity vector (distance and direction of particle movement) of the d-th dimension in the kth iteration for particle i; />A position vector of the particle i in the d-th dimension in the k-th iteration;
step 6: if the current iteration number t < T, repeating steps 2 to 5; if t > T, a classifier is constructed using the global extremum.
The individual learning factor indicates the weight with which the particle's next action derives from its own experience, accelerating the particle toward its individual optimal position; the population learning factor indicates the weight with which the particle's next action derives from the experience of the other particles, that is, the acceleration weight that pushes the particle toward the optimal position of the population.
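Steps 1 to 6 above as an added, runnable sketch (not the patent's own code). Because formulas (1) to (6) did not survive on this page, the weighted naive Bayes decision rule, the accuracy fitness, the linear inertia and learning-factor schedules, the weight range [0, 1], the baseline particle, and all names and sample rows are assumptions using standard textbook forms.

```python
import math
import random
from collections import Counter, defaultdict

# Constructed sample: rows are already-encoded categorical features. f0, f1, f2 are
# redundant copies of one attribute, f3 is independent; label 1 = intrusion.
DATA = ([((0, 0, 0, 0), 0)] * 7 + [((1, 1, 1, 0), 0)] * 1 +
        [((0, 0, 0, 1), 1)] * 2 + [((1, 1, 1, 1), 1)] * 6)


def train_counts(data):
    """Return class priors and Laplace-smoothed conditionals P(a_k = v | c)."""
    n_attr = len(data[0][0])
    class_n = Counter(label for _, label in data)
    values = [sorted({x[k] for x, _ in data}) for k in range(n_attr)]
    counts = defaultdict(int)
    for x, label in data:
        for k, v in enumerate(x):
            counts[(label, k, v)] += 1
    prior = {c: n / len(data) for c, n in class_n.items()}
    cond = {(c, k, v): (counts[(c, k, v)] + 1) / (class_n[c] + len(values[k]))
            for c in class_n for k in range(n_attr) for v in values[k]}
    return prior, cond


def classify(x, weights, prior, cond):
    """Weighted naive Bayes (assumed form): argmax_c log P(c) + sum_k w_k log P(a_k|c)."""
    def score(c):
        return math.log(prior[c]) + sum(
            w * math.log(cond[(c, k, v)]) for k, (v, w) in enumerate(zip(x, weights)))
    return max(sorted(prior), key=score)


def accuracy(weights, data, prior, cond):
    """Fitness of one particle (assumed): share of samples classified correctly."""
    hits = sum(classify(x, weights, prior, cond) == y for x, y in data)
    return hits / len(data)


def pso_weights(data, m=12, T=30, w_max=0.9, w_min=0.4, v_max=0.3, seed=7):
    """Search attribute weights in [0, 1] with PSO; returns (best weights, fitness)."""
    rng = random.Random(seed)
    prior, cond = train_counts(data)
    n = len(data[0][0])
    fit = lambda p: accuracy(p, data, prior, cond)
    # Step 1: initialise. Particle 0 is plain naive Bayes (all weights 1), an added baseline.
    pos = [[1.0] * n] + [[rng.random() for _ in range(n)] for _ in range(m - 1)]
    vel = [[rng.uniform(-v_max, v_max) for _ in range(n)] for _ in range(m)]
    # Steps 2-3: fitness of every particle, individual bests, global best.
    pbest = [p[:] for p in pos]
    pbest_fit = [fit(p) for p in pos]
    g = max(range(m), key=pbest_fit.__getitem__)
    gbest, gbest_fit = pbest[g][:], pbest_fit[g]
    for t in range(1, T + 1):
        # Step 4 (assumed schedules): inertia falls linearly, c1 falls, c2 rises.
        w = w_max - (w_max - w_min) * t / T
        c1 = 2.5 - 2.0 * t / T
        c2 = 0.5 + 2.0 * t / T
        for i in range(m):
            for d in range(n):
                # Step 5: standard velocity and position update, both clamped.
                r1, r2 = rng.random(), rng.random()
                v = (w * vel[i][d] + c1 * r1 * (pbest[i][d] - pos[i][d])
                     + c2 * r2 * (gbest[d] - pos[i][d]))
                vel[i][d] = max(-v_max, min(v_max, v))
                pos[i][d] = max(0.0, min(1.0, pos[i][d] + vel[i][d]))
            f = fit(pos[i])
            if f > pbest_fit[i]:
                pbest[i], pbest_fit[i] = pos[i][:], f
                if f > gbest_fit:
                    gbest, gbest_fit = pos[i][:], f
    # Step 6: after T iterations the global best weight vector defines the classifier.
    return gbest, gbest_fit


if __name__ == "__main__":
    prior, cond = train_counts(DATA)
    print("plain NB accuracy:", accuracy([1.0] * 4, DATA, prior, cond))
    print("PSO-WNB weights, accuracy:", pso_weights(DATA))
```

On the constructed rows, the three redundant copies of one attribute outvote the independent one under plain naive Bayes; down-weighting them removes those errors, which is the feature-redundancy effect the text attributes to the unweighted classifier.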
As a possible implementation manner of this embodiment, the particle swarm optimization-based weighted naive bayes intrusion detection method further includes the following steps:
when an abnormal intrusion is found during intrusion detection with the optimized weighted naive Bayesian classifier, new alarm information is generated.
As shown in fig. 5, corresponding to the above method, an embodiment of the present application further provides a naive Bayesian intrusion detection device based on particle swarm optimization, which includes:
the data acquisition module is used for acquiring original data for intrusion detection, and cleaning and noise removal processing are carried out;
the data preprocessing module is used for carrying out data deduplication, data normalization and characteristic standardization preprocessing on the original data;
the feature extraction module is used for carrying out feature extraction on the preprocessed original data by adopting a filtering feature, a hash feature, a tree feature or a support vector machine feature method to obtain a required data set;
the feature dimension reduction processing module is used for reducing a sample attribute feature set in the data set by using a rough set theory and carrying out dimension reduction processing on the feature;
the algorithm optimization module is used for optimizing the attribute weight of the weighted naive Bayesian algorithm by utilizing the particle swarm algorithm so as to obtain an optimal solution of the attribute weight;
the classifier construction module is used for constructing a Bayesian classifier by using the optimal solution;
and the intrusion detection module is used for performing intrusion detection by using a Bayesian classifier and storing detection results.
As a possible implementation manner of this embodiment, the particle swarm optimization-based weighted naive bayes intrusion detection device further includes:
the abnormal intrusion alarm module is used for finding abnormal intrusion and generating new alarm information when the intrusion detection is carried out by using the optimized weighted naive Bayesian classifier.
In embodiment 2, data deduplication, data normalization and feature standardization preprocessing are performed on the original data, which makes the weights among features consistent and improves the robustness of the classifier; features are extracted from the preprocessed original data with a filtering feature, hash feature, tree feature or support vector machine feature method, so that information significant for intrusion detection is extracted from the original data; the improved particle swarm algorithm updates the speed and position formulas using a weighing factor method, so that local optima are avoided and the accuracy and robustness of the classifier are improved. Embodiment 2 combines the advantages of the particle swarm algorithm and the weighted naive Bayes algorithm, and solves the feature-item redundancy problem and the strong-independence problem between feature items of the traditional naive Bayes algorithm; experiments prove that the classifier has a higher detection rate and robustness, and can effectively detect high-dimensional complex intrusion behaviors.
Finally, it should be noted that: the above embodiments are only for illustrating the technical aspects of the present application and not for limiting the same, and although the present application has been described in detail with reference to the above embodiments, it should be understood by those of ordinary skill in the art that: modifications and equivalents may be made to the specific embodiments of the application without departing from the spirit and scope of the application, which is intended to be covered by the claims.

Claims (10)

1. The particle swarm optimization weighted naive Bayesian intrusion detection method is characterized by comprising the following steps of:
collecting original data for intrusion detection;
preprocessing the original data;
extracting features of the preprocessed original data, and removing rough and fine features to obtain a required data set;
optimizing the weight of the weighted naive Bayes by adopting a particle swarm optimization algorithm, and constructing a weighted naive Bayes classifier;
training the weighted naive Bayes classifier by utilizing the data set to obtain an optimized weighted naive Bayes classifier;
and performing intrusion detection by using an optimized weighted naive Bayesian classifier, and storing detection results.
2. The particle swarm optimization-based weighted naive bayes intrusion detection method of claim 1, wherein the raw data comprises: user input information, network traffic, and database access logs.
3. The particle swarm optimization-based weighted naive bayes intrusion detection method according to claim 1, wherein the preprocessing the raw data comprises:
cleaning and de-duplication processing are carried out on the original data, and cleaning the original data comprises filling the data value of the gap, eliminating noise data and correcting inconsistent data;
the original data is subjected to standardization processing: the symbolic attribute of the data is encoded, converting the symbolic attribute into a numeric attribute.
4. The particle swarm optimization-based weighted naive bayes intrusion detection method according to claim 1, wherein the feature extraction process is performed on the preprocessed raw data, and the feature extraction method comprises filtering features, hash features, tree features and support vector machine features.
5. The particle swarm optimization-based weighted naive bayes intrusion detection method according to claim 1, wherein the feature extraction process is performed on the preprocessed raw data, and the extracted features include user IP address, historical login time and visited URL.
6. The particle swarm optimization-based weighted naive bayes intrusion detection method according to claim 1, wherein the optimizing the weights of the weighted naive bayes by using the particle swarm optimization algorithm to construct a weighted naive bayes classifier comprises:
step 1: initializing a particle swarm, including the particle number m, the maximum iteration number T, the learning factors, the maximum and minimum values of the inertial weight, and the speed range of the particles;
Step 2: calculating posterior probability according to a Bayesian formula, classifying samples, calculating fitness value of each particle, setting initial optimal value of the particle as current fitness value, and comparing the initial optimal value to calculate overall optimal value, wherein the Bayesian formula is as follows:
(1)
wherein ,for an n-dimensional attribute vector, ">For the collection of classes i=1, 2,..m,/-j->Is a priori probability;
the formula for classifying the samples is:
(2)
wherein ,is attribute variable +>Weights of (2);
step 3: calculating the individual optimal position and the global optimal position of the particles, and updating the individual extremum and the global extremum;
Step 4: the inertial weights ω are updated using:
(3)
wherein T is the maximum iteration number, and t is the current iteration number;
updating the learning factors using:
(4)
wherein ,
step 5: the velocity and position of the particles are updated using:
(5)
(6)
wherein ,for particle self-learning experience, < >>The method is a particle society learning experience; k is the iteration number; w is inertial weight; />A velocity vector of the particle i in the d-th dimension in the k-th iteration; />A position vector of the particle i in the d-th dimension in the k-th iteration; />The position of the particle i in the d dimension in the kth iteration; />The position of the d dimension in the kth iteration for the population;
step 6: if the current iteration number t < T, repeating steps 2 to 5; if t > T, a classifier is constructed using the global extremum.
7. The particle swarm optimization-based weighted naive bayes intrusion detection method according to any of claims 1-6, further comprising the steps of:
when an abnormal intrusion is found during intrusion detection with the optimized weighted naive Bayesian classifier, new alarm information is generated.
8. A particle swarm optimization-based weighted naive bayes intrusion detection device, comprising:
the data acquisition module is used for acquiring original data for intrusion detection;
the data preprocessing module is used for preprocessing the original data;
the feature extraction module is used for carrying out feature extraction on the preprocessed original data and removing rough and fine extraction on feature attributes to obtain a required data set;
the classifier construction module is used for optimizing the weight of the weighted naive Bayes by adopting a particle swarm optimization algorithm to construct a weighted naive Bayes classifier;
the classifier training module is used for training the weighted naive Bayes classifier by utilizing the data set to obtain an optimized weighted naive Bayes classifier;
and the intrusion detection module is used for performing intrusion detection by using the optimized weighted naive Bayesian classifier and storing detection results.
9. The particle swarm optimization weighted naive Bayesian intrusion detection method is characterized by comprising the following steps of:
collecting original data for intrusion detection, and cleaning and removing noise;
carrying out data deduplication, data normalization and feature standardization pretreatment on the original data;
extracting features of the preprocessed original data by adopting a filtering feature, a hash feature, a tree feature or a support vector machine feature method to obtain a required data set;
reducing a sample attribute feature set in the data set by using a rough set theory, and performing dimension reduction treatment on the feature;
optimizing the attribute weight of the weighted naive Bayesian algorithm by using a particle swarm algorithm to obtain an optimal solution of the attribute weight;
constructing a Bayesian classifier by using the optimal solution;
and performing intrusion detection by using a Bayesian classifier, and storing detection results.
10. A particle swarm optimization-based weighted naive bayes intrusion detection device, comprising:
the data acquisition module is used for acquiring original data for intrusion detection, and cleaning and noise removal processing are carried out;
the data preprocessing module is used for carrying out data deduplication, data normalization and characteristic standardization preprocessing on the original data;
the feature extraction module is used for carrying out feature extraction on the preprocessed original data by adopting a filtering feature, a hash feature, a tree feature or a support vector machine feature method to obtain a required data set;
the feature dimension reduction processing module is used for reducing a sample attribute feature set in the data set by using a rough set theory and carrying out dimension reduction processing on the feature;
the algorithm optimization module is used for optimizing the attribute weight of the weighted naive Bayesian algorithm by utilizing the particle swarm algorithm so as to obtain an optimal solution of the attribute weight;
the classifier construction module is used for constructing a Bayesian classifier by using the optimal solution;
and the intrusion detection module is used for performing intrusion detection by using a Bayesian classifier and storing detection results.
CN202311000721.8A 2023-08-10 2023-08-10 Particle swarm optimization weighted naive Bayesian intrusion detection method and device Pending CN116738415A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311000721.8A CN116738415A (en) 2023-08-10 2023-08-10 Particle swarm optimization weighted naive Bayesian intrusion detection method and device

Publications (1)

Publication Number Publication Date
CN116738415A true CN116738415A (en) 2023-09-12

Family

ID=87901523

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311000721.8A Pending CN116738415A (en) 2023-08-10 2023-08-10 Particle swarm optimization weighted naive Bayesian intrusion detection method and device

Country Status (1)

Country Link
CN (1) CN116738415A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117523642A (en) * 2023-12-01 2024-02-06 北京理工大学 Face recognition method based on optimal-spacing Bayesian classification model
CN118354307A (en) * 2024-04-25 2024-07-16 杭州一目倾诚网络科技有限公司 Cloud computing-based wireless communication network data security transmission method and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104778508A (en) * 2015-04-02 2015-07-15 杭州电子科技大学 Public bicycle renting forecasting method based on multi-source data fusion
CN105095494A (en) * 2015-08-21 2015-11-25 中国地质大学(武汉) Method for testing categorical data set
CN107704969A (en) * 2017-10-18 2018-02-16 南京邮电大学 A kind of Forecast of Logistics Demand method based on Weighted naive bayes algorithm
CN108023876A (en) * 2017-11-20 2018-05-11 西安电子科技大学 Intrusion detection method and intruding detection system based on sustainability integrated study
CN110444291A (en) * 2019-07-27 2019-11-12 南京理工大学 Disease factor extracting method based on improved PSO-BP neural network and Bayesian Method
US20220368703A1 (en) * 2019-10-28 2022-11-17 University Of Science And Technology Of China Method and device for detecting security based on machine learning in combination with rule matching

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
任晓奎; 缴文斌; 周丹: "Weighted naive Bayes intrusion detection model based on particle swarm", Computer Engineering and Applications, no. 07, pages 2 - 5 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20230912