A High-Performance Intrusion Detection Method Based on Combining Supervised and Unsupervised Learning

摘要

Intrusion detection system (IDS) plays an essential role in detecting malicious attacks and illegal network access. There are many proposed approaches using machine learning and data mining techniques in IDS to solve detection problems. However, related machine learning based intrusion detection method resulted in unsatisfying performance for U2R (user-to-root) and R2L (remote-to-local) attacks. To solve this problem, this paper proposes a novel attack detection approach that combines supervised and unsupervised learning. In this approach, we first conduct a feature selecting and weighting method that based on the relevance analysis of features. Then the features' weights are applied in the proposed classifier, in which K-Means algorithm is introduced in K-NN classifier. The K-Means is utilized in the classifier to reselect and sort the nearest neighbors by measuring the distances between neighbors and centroid centers, by which way we make the K-NN classifier more robust and less sensitive to the selection of K. The experimental results based on the KDD dataset show that the proposed method not only performs well on detecting DoS, Probe and R2L attacks, it also has significant improvement for detecting U2R attacks.