Rule constraint and evolution strategy for network intrusion detection based on gene expression programming
【Abstract】 Network intrusion detection techniques based on evolutionary computation have two major drawbacks: large time and memory requirements during training data preprocessing and evolution, and a high false alarm rate. Intrusion detection rules are represented using gene expression programming (GEP), and a formal definition of a rule constraint grammar for GEP-based intrusion detection rules is proposed. To generate rules that satisfy the constraints, a rule constraint judgement and processing step is added to the basic GEP evolution process. The strategy is evaluated on KDD CUP'99 DATA: the generated rules need only 2 network attributes, and on the test set the detection rate is 89.79% and the false alarm rate is 0.41%. The results indicate that, with a small population and few evolution generations, the proposed constraint and evolution strategy produces rules that are effective and concise and that can detect unknown intrusions, keeping the false alarm rate low while maintaining a high detection rate.
【Key words】 network; intrusion detection; evolutionary computation; gene expression programming; rule constraint; constraint grammar;
- 【Source】 Journal of Huazhong University of Science and Technology (Nature Science Edition), 2008, Issue 11
- 【Classification number】 TP393.08
- 【Times cited】 5
- 【Downloads】 100