LDA-ID:基于 LDA 的实时网络入侵检测框架

IF 3.1 3区 计算机科学 Q2 TELECOMMUNICATIONS
Weidong Zhou, Shengwei Lei, Chunhe Xia, Tianbo Wang
{"title":"LDA-ID:基于 LDA 的实时网络入侵检测框架","authors":"Weidong Zhou, Shengwei Lei, Chunhe Xia, Tianbo Wang","doi":"10.23919/JCC.ea.2021-0446.202302","DOIUrl":null,"url":null,"abstract":"Network intrusion poses a severe threat to the Internet. However, existing intrusion detection models cannot effectively distinguish different intrusions with high-degree feature overlap. In addition, efficient real-time detection is an urgent problem. To address the two above problems, we propose a Latent Dirichlet Allocation topic model-based framework for real-time network Intrusion Detection (LDA-ID), consisting of static and online LDA-ID. The problem of feature overlap is transformed into static LDA-ID topic number optimization and topic selection. Thus, the detection is based on the latent topic features. To achieve efficient real-time detection, we design an online computing mode for static LDA-ID, in which a parameter iteration method based on momentum is proposed to balance the contribution of prior knowledge and new information. Furthermore, we design two matching mechanisms to accommodate the static and online LDA-ID, respectively. Experimental results on the public NSL-KDD and UNSW-NB15 datasets show that our framework gets higher accuracy than the others.","PeriodicalId":9814,"journal":{"name":"China Communications","volume":"601 ","pages":"166-181"},"PeriodicalIF":3.1000,"publicationDate":"2023-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"LDA-ID: An LDA-based framework for real-time network intrusion detection\",\"authors\":\"Weidong Zhou, Shengwei Lei, Chunhe Xia, Tianbo Wang\",\"doi\":\"10.23919/JCC.ea.2021-0446.202302\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Network intrusion poses a severe threat to the Internet. However, existing intrusion detection models cannot effectively distinguish different intrusions with high-degree feature overlap. In addition, efficient real-time detection is an urgent problem. To address the two above problems, we propose a Latent Dirichlet Allocation topic model-based framework for real-time network Intrusion Detection (LDA-ID), consisting of static and online LDA-ID. The problem of feature overlap is transformed into static LDA-ID topic number optimization and topic selection. Thus, the detection is based on the latent topic features. To achieve efficient real-time detection, we design an online computing mode for static LDA-ID, in which a parameter iteration method based on momentum is proposed to balance the contribution of prior knowledge and new information. Furthermore, we design two matching mechanisms to accommodate the static and online LDA-ID, respectively. Experimental results on the public NSL-KDD and UNSW-NB15 datasets show that our framework gets higher accuracy than the others.\",\"PeriodicalId\":9814,\"journal\":{\"name\":\"China Communications\",\"volume\":\"601 \",\"pages\":\"166-181\"},\"PeriodicalIF\":3.1000,\"publicationDate\":\"2023-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"China Communications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.23919/JCC.ea.2021-0446.202302\",\"RegionNum\":3,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"TELECOMMUNICATIONS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"China Communications","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.23919/JCC.ea.2021-0446.202302","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"TELECOMMUNICATIONS","Score":null,"Total":0}
引用次数: 0

摘要

网络入侵对互联网构成严重威胁。然而,现有的入侵检测模型无法有效区分特征高度重叠的不同入侵。此外,高效的实时检测也是一个亟待解决的问题。针对上述两个问题,我们提出了一种基于潜狄利克特分配(Latent Dirichlet Allocation)主题模型的实时网络入侵检测(LDA-ID)框架,包括静态和在线 LDA-ID。特征重叠问题被转化为静态 LDA-ID 主题数优化和主题选择。因此,检测是基于潜在主题特征的。为了实现高效的实时检测,我们为静态 LDA-ID 设计了一种在线计算模式,其中提出了一种基于动量的参数迭代方法,以平衡先验知识和新信息的贡献。此外,我们还设计了两种匹配机制,分别适用于静态和在线 LDA-ID。在公开的 NSL-KDD 和 UNSW-NB15 数据集上的实验结果表明,我们的框架比其他框架获得了更高的准确率。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
LDA-ID: An LDA-based framework for real-time network intrusion detection
Network intrusion poses a severe threat to the Internet. However, existing intrusion detection models cannot effectively distinguish different intrusions with high-degree feature overlap. In addition, efficient real-time detection is an urgent problem. To address the two above problems, we propose a Latent Dirichlet Allocation topic model-based framework for real-time network Intrusion Detection (LDA-ID), consisting of static and online LDA-ID. The problem of feature overlap is transformed into static LDA-ID topic number optimization and topic selection. Thus, the detection is based on the latent topic features. To achieve efficient real-time detection, we design an online computing mode for static LDA-ID, in which a parameter iteration method based on momentum is proposed to balance the contribution of prior knowledge and new information. Furthermore, we design two matching mechanisms to accommodate the static and online LDA-ID, respectively. Experimental results on the public NSL-KDD and UNSW-NB15 datasets show that our framework gets higher accuracy than the others.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
China Communications
China Communications 工程技术-电信学
CiteScore
8.00
自引率
12.20%
发文量
2868
审稿时长
8.6 months
期刊介绍: China Communications (ISSN 1673-5447) is an English-language monthly journal cosponsored by the China Institute of Communications (CIC) and IEEE Communications Society (IEEE ComSoc). It is aimed at readers in industry, universities, research and development organizations, and government agencies in the field of Information and Communications Technologies (ICTs) worldwide. The journal's main objective is to promote academic exchange in the ICTs sector and publish high-quality papers to contribute to the global ICTs industry. It provides instant access to the latest articles and papers, presenting leading-edge research achievements, tutorial overviews, and descriptions of significant practical applications of technology. China Communications has been indexed in SCIE (Science Citation Index-Expanded) since January 2007. Additionally, all articles have been available in the IEEE Xplore digital library since January 2013.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信