In view of the shortcomings of the existing machine learning based intrusion detection system,which was still very high for the minority classes of false negative rate,this paper proposed an intrusion detection method based on SMOTE and GBDT.The core idea was using the SMOTE technique to increase the number of samples in the minority classes in the preprocessing stage,and to down-sample the majority class samples.Finally,it trained the GBDT classifier on the balanced data set.Using KDD99 data set for experimental verification,and compared with classifier trained on the original training data,the best results of the KDD99.The results show that the average false negative rate of this method is about 17% lower than that of KDD99 and the model on the original training set while maintaining a high overall correctness rate,which proves the effectiveness of the proposed method.%现有的基于机器学习的入侵检测方法大多专注于提高整体检测率和降低整体的漏报率,忽视了少数类别的检测率和漏报率,为此,提出了一种基于SMOTE(synthetic minority oversampling technique)和GBDT(gradient boosting decision tree)的入侵检测方法.其核心思想是:首先在预处理阶段使用SMOTE技术提高少数类别的样本数量,且对多数类别样本降采样,最后在平衡数据集上训练GBDT分类器.利用KDD99数据集进行实验验证,并与在原始训练集上训练的分类器、KDD99竞赛的最好成绩进行对比.结果表明,该方法在保持较高的整体正确率的同时,其平均漏报率比KDD99最好成绩及原始训练集上的模型降低了约17%,从而证明了该方法的有效性.
展开▼
