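With advances in technology, modern network conditions differ from those of the past. This study targets a contemporary, new-style network intrusion detection dataset and builds a hybrid intrusion detection system to detect anomalous data in modern networks. This thesis proposes using a discretization algorithm and a clustering algorithm to split the training samples into two clusters, and building a new classification model for a subgroup to improve classification performance. The training samples are discretized with a method that considers the dependence between features and labels. Label information is added to the features to improve the clustering results. For the anomaly-rich subgroup, representative features are selected to build a classification model, improving the overall classification results. The experiments use Decision Tree and Bayesian Network, two machine learning algorithms with good classification performance. The experimental results show that the proposed method effectively improves the normal and anomaly detection rate, precision, and accuracy. For classifying new types of modern attacks, it also improves the overall accuracy.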
As Internet technology advances, modern network traffic differs from that of the past. Our study targets a contemporary network intrusion detection dataset. To detect network anomalies, we construct a hybrid intrusion detection system: we propose using a feature discretization method and a cluster analysis algorithm to separate the training samples into two groups, the normal group and the anomaly group, and then building a new classification model to improve classification performance on the anomaly group. The feature discretization method considers the interdependence between features and labels. Class information is added to the attributes to enhance the clustering results. For the anomaly group, several representative features are selected to construct a classification model that improves the overall classification performance. Two efficient machine learning algorithms, the Decision Tree algorithm and the Bayesian Network algorithm, are adopted in our experiments. The experimental results show that our method increases the normal and anomaly detection rate, precision, and accuracy. For the classification of new types of modern attacks, our approach also improves the overall accuracy.
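The following sketch is an added example, not code from the thesis. It illustrates the first two stages described above, class-aware discretization followed by clustering with the label appended to the features, and compares the split with and without the label. The abstract does not name its algorithms, so the entropy-minimising binary cut and 2-means used here are assumed stand-ins, and the flow records are constructed.

```python
import math
from collections import Counter

# Constructed flows (duration_ms, bytes_sent, label); label 1 = attack. Not thesis data.
FLOWS = [(200, 300, 0), (300, 280, 0), (250, 350, 0), (400, 320, 0), (220, 330, 0),
         (5000, 9000, 1), (6500, 8700, 1), (350, 9100, 1), (7000, 310, 1)]

def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def best_cut(values, labels):
    """Class-aware discretization (assumed method): entropy-minimising binary cut."""
    pairs = sorted(zip(values, labels))
    best_score, cut = float("inf"), None
    for i in range(1, len(pairs)):
        if pairs[i - 1][0] == pairs[i][0]:
            continue  # no boundary between equal values
        left = [lab for _, lab in pairs[:i]]
        right = [lab for _, lab in pairs[i:]]
        score = (len(left) * entropy(left) + len(right) * entropy(right)) / len(pairs)
        if score < best_score:
            best_score, cut = score, (pairs[i - 1][0] + pairs[i][0]) / 2
    return cut

def discretize(flows):
    """Return per-feature cut points and rows of ((bin, bin, ...), label)."""
    cols = list(zip(*flows))
    cuts = [best_cut(col, cols[-1]) for col in cols[:-1]]
    return cuts, [(tuple(int(v > c) for v, c in zip(f, cuts)), f[-1]) for f in flows]

def split_two_groups(rows, use_label=True, iters=10):
    """2-means (assumed clusterer); returns the true labels that land in each group."""
    vecs = [bins + ((label,) if use_label else ()) for bins, label in rows]
    centers = [min(vecs), max(vecs)]  # deterministic seeds: smallest and largest vector
    for _ in range(iters):
        groups = [[], []]
        for vec, (_, label) in zip(vecs, rows):
            dist = [sum((a - b) ** 2 for a, b in zip(vec, c)) for c in centers]
            groups[dist.index(min(dist))].append((vec, label))
        centers = [tuple(sum(x) / len(g) for x in zip(*(v for v, _ in g))) if g else c
                   for g, c in zip(groups, centers)]
    return [[label for _, label in g] for g in groups]

if __name__ == "__main__":
    cuts, rows = discretize(FLOWS)
    print("cuts:", cuts)
    print("with label:   ", split_two_groups(rows, use_label=True))
    print("without label:", split_two_groups(rows, use_label=False))
```

On this constructed data a normal flow and an attack flow fall into the same discretized bin pattern, so clustering on features alone leaves that attack in the normal group, while appending the label moves it into the anomaly group.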