融合集成学习技术和PSO-GA算法的特征提取技术的入侵检测方法

doi:10.13229/j.cnki.jdxbgxb.20230751

摘要/Abstract

摘要：

针对工业网络的安全问题，提出了一种新的入侵检测方法，方法的具体创新之处分为两点。首先，在处理数据特征过程中，针对原始数据维度较高的问题，提出一种参数动态调整的粒子群优化-遗传混合算法，用于特征提取，成功筛选出了对模型训练有意义的特征子集，加快了模型训练速度。其次，在构建机器学习模型时，使用了堆叠集成学习框架对多个模型的输出结果进行泛化，以获得整体预测精度的提升。共在两个数据集上验证了本文方法的检测性能，试验结果表明：在公开的入侵检测数据集CICDS-2017上的检测精确度达到了95%，在由美国密西西比州立大学的Lan Turnipseed从天然气管道控制系统收集到的真实工业数据集上也达到了93%的精确度。

关键词: 计算机应用, 工业控制系统, 入侵检测, 集成学习, 特征提取

Abstract:

In response to the security issues in industrial networks， a new intrusion detection method is proposed. The specific innovations of the method are divided into two aspects. First， in the process of processing， in order to solve the problem of high dimensionality of the original data， a particle swarm optimize genetic algorithm （PSO-GA） hybrid algorithm with dynamically adjusted parameters was proposed for feature extraction. It successfully screened out a subset of features that are meaningful to model training and accelerated training speed. Secondly， when building a machine learning model， theStacking integrated learning framework is used to generalize the output results of multiple models to improve the overall prediction accuracy. The experimental results on both two datasets show that the detection precision on the publicly available intrusion detection dataset CICDS-2017 has reached 95%， and it also has a 93% precision on a real industrial dataset developed by Lan Turnipseed from the gas pipeline control system.

Key words: computer application, industrial control system, intrusion detection, ensemble learning, feature selection

中图分类号:

TP399

王军,司昌馥,王凯鹏,付强. 融合集成学习技术和PSO-GA算法的特征提取技术的入侵检测方法[J]. 吉林大学学报(工学版), 2025, 55(4): 1396-1405.

Jun WANG,Chang-fu SI,Kai-peng WANG,Qiang FU. Intrusion detection method based on ensemble learning and feature selection by PSO-GA[J]. Journal of Jilin University(Engineering and Technology Edition), 2025, 55(4): 1396-1405.

图/表 14

表1

表2

图1

图2

图3

图4

图5

图6

表3

表4

表5

图7

表6

表7

参考文献 26

1	Gaikwad D P, Thool R C.Intrusion detection system using bagging ensemble method of machine learning[C]∥International Conference on Computing Communication Control and Automation, Pune, India,2015: 291-295.
2	Shen Y, Zheng K, Wu C, et al. An ensemble method based on selection using bat algorithm for intrusion detection[J]. The Computer Journal, 2018, 61(4): 526-538.
3	Bhati B S, Chugh G, Al‐Turjman F, et al. An improved ensemble based intrusion detection technique using XGBoost[J]. Transactions on Emerging TeleCommunications Technologies, 2021, 32(6): No.e4076.
4	Mnih V, Heess N, Graves A, et al. Recurrent models of visual attention[J]. Advances in Neural Information Processing Systems, 2014, 27:1-12.
5	Ahmad I. Feature selection using particle swarm optimization in intrusion detection[J]. International Journal of Distributed Sensor Networks, 2015, 11(10):No. 806954.
6	Dickson A, Thomas C. Improved PSO for optimizing the performance of intrusion detection systems[J]. Journal of Intelligent & Fuzzy Systems, 2020, 38(5): 6537-6547.
7	Aziz M R, Alfoudi A S. Feature selection of the anomaly network intrusion detection based on restoration particle swarm optimization[J]. International Journal of Intelligent Engineering & Systems, 2022, 15(5):592-600.
8	Wei P, Li Y F, Zhang Z, et al. An optimization method for intrusion detection classification model based on deep belief network[J]. IEEE Access, 2019, 7: 87593-87605.
9	Panigrahi R, Borah S. A detailed analysis of CICIDS2017 dataset for designing intrusion detection systems[J]. International Journal of Engineering & Technology, 2018, 7(3): 479-482.
10	Goryunov M N, Matskevich A G, Rybolovlev D A. Synthesis of a machine learning model for detecting computer attacks based on the Cicids2017 dataset[J]. Proceedings of the Institute for System Programming of the RAS, 2020, 32(5): 81-94.
11	Stiawan D, Idris M Y B, Bamhdi A M, et al. CICIDS-2017 dataset feature analysis with information gain for anomaly detection[J]. IEEE Access, 2020, 8:132911-132921.
12	Salo F, Injadat M, Nassif A B, et al. Data mining techniques in intrusion detection systems: a systematic literature review[J]. IEEE Access, 2018, 6: 56046-56058.
13	Turnipseed I P. A new scada dataset for intrusion detection research[D]. Starkville:James Worth Bagley College of Engineering,Mississippi State University, 2015.
14	Rastogi A K, Narang N, Siddiqui Z A. Imbalanced big data classification: a distributed implementation of smote[C]∥Proceedings of the Workshop Program of the 19th International Conference on Distributed Computing and Networking, Varanasi, India,2018: 1-6.
15	Myles A J, Feudale R N, Liu Y, et al. An introduction to decision tree modeling[J]. Journal of Chemometrics: a Journal of the Chemometrics Society, 2004, 18(6): 275-285.
16	Biau G, Scornet E. A random forest guided tour[J]. Test, 2016, 25: 197-227.
17	Chen T, He T, Benesty M, et al. Xgboost: extreme gradient boosting(version 0.4-2)[DB/OL]. [2015-12-13]. .
18	温博文, 董文瀚, 解武杰, 等. 基于改进网格搜索算法的随机森林参数优化[J]. 计算机工程与应用, 2018, 54(10): 154-157.
	Wen Bo-wen, Dong Wen-han, Xie Wu-jie, et al. Parameter optimization method for random forest based on improved grid search algorithm[J]. Computer Engineering and Applications,2018,54(10):154-157.
19	Pattawaro A, Polprasert C. Anomaly-based network intrusion detection system through feature selection and hybrid machine learning technique[C]∥The 16th International Conference on ICT and Knowledge Engineering(ICT&KE), Bangkok, Thailand, 2018: 1-6.
20	李红亚, 彭昱忠, 邓楚燕, 等. GA与PSO的混合研究综述[J]. 计算机工程与应用,2018, 54(2): 20-28.
	Li Hong-ya, Peng Yu-zhong, Deng Chu-yan, et al. Review of hybrids of GA and PSO[J]. Computer Engineering and Applications, 2018, 54(2):20-28.
21	Mohammed M, Mwambi H, Omolo B, et al. Using stacking ensemble for microarray-based cancer classification[C]∥International Conference on Computer, Control, Electrical, and Electronics Engineering, Khartoum, Sudan, 2018: 1-8.
22	王辉, 李昌刚.Stacking集成学习方法在销售预测中的应用[J]. 计算机应用与软件, 2020, 37(8): 85-90.
	Wang Hui, Li Chang-gang. Application of Stacking integrated learning method in sales forecasting[J]. Computer Applications and Software, 2020, 37(8):85-90.
23	张开放, 苏华友, 窦勇. 一种基于混淆矩阵的多分类任务准确率评估新方法[J].计算机工程与科学,2021, 43(11): 1910-1919.
	Zhang Kai-fang, Su Hua-you, Dou Yong. A new multi-classification task accuracy evaluation method based on confusion matrix[J]. Computer Engineering & Science, 2021, 43(11): 1910-1919.
24	Belarbi O, Khan A, Carnelli P, et al. An intrusion detection system based on deep belief networks[C]∥International Conference on Science of Cyber Security,Matsue, Japan, 2022: 377-392.
25	Yao Y, Su L, Lu Z. DeepGFL: deep feature learning via graph for attack detection on flow-based network traffic[C]∥IEEE Military Communications Conference(MILCOM),Los Angeles, USA, 2018: 579-584.
26	Roopak M, Tian G Y, Chambers J. Deep learning models for cyber security in IoT networks[C]∥IEEE The 9th Annual Computing and Communication Workshop and Conference, Las Vegas, USA,2019: 452-457.

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed

编号	标签	样本数量/个
1	BENIGN	22 767
2	DoS	19 035
3	PortScan	7 946
4	BruteForce	2 767
5	WebAttack	2 180
6	Bot	1 966

标签	缩写（编号）
Normal	Normal（0）
Na?ve Malicious Response Injection	NMRI（1）
Complex Malicious Response Injection	CMRI（2）
Malicious State Command Injection	MSCI（3）
Malicious Parameter Command Injection	MPCI（4）
Malicious Function Code Injection	MFCI（5）
Denial of Service	DOS（6）
Reconnaissance	Recon（7）

	类别1	类别2	…	类别n
类别1	A₁₁	A₁₂	…	A₁_n
类别2	A₂₁	A₂₂	…	A₂_n
?	?	?		?…
类别n	A _n₁	A _n₂	…	A _nn

方法	精确度	召回率	F₁分数	CPU时间/s
决策树	0.925	0.964	0.951	22.8
随机森林	0.862	0.996	0.906	3 min 5
极端梯度提升	0.903	0.997	0.935	4 min 14
堆叠集成	0.936	0.975	0.912	3 min 25
堆叠集成加特征提取	0.951	0.987	0.953	1 min 30

来源	方法	精确度	召回率	F₁分数	类别数
本文	特征提取加堆叠集成	0.951	0.987	0.953	6
文献［24］	MLP	0.871	0.995	0.873	6
文献［25］	DeepGFL	0.948	448	0.531	12
文献［26］	MLP	0.884	0.862	0.872	2
文献［26］	LSTM	0.984	0.898	0.895	2