Journal of Frontiers of Computer Science and Technology ›› 2022, Vol. 16 ›› Issue (12): 2752-2764.DOI: 10.3778/j.issn.1673-9418.2104115

• Network and Information Security • Previous Articles     Next Articles

Wireless Network Intrusion Detection Algorithm Based on Multiple Perspectives Hierarchical Clustering

DONG Xinyu1,2, XIE Bin1,2,3,+(), ZHAO Xusheng1, GAO Xinbao1   

  1. 1. College of Computer and Cyber Security, Hebei Normal University, Shijiazhuang 050024, China
    2. Hebei Provincial Key Laboratory of Network & Information Security, Hebei Normal University, Shijiazhuang 050024, China
    3. Hebei Provincial Engineering Research Center for Supply Chain Big Data Analytics & Data Security, Hebei Normal University, Shijiazhuang 050024, China
  • Received:2021-05-08 Revised:2021-06-25 Online:2022-12-01 Published:2021-06-16
  • About author:DONG Xinyu, born in 1995, M.S. Her research interests include machine learning and cyber security.
    XIE Bin, born in 1976, Ph.D., professor, M.S. supervisor. His research interests include granu-lar computing, machine learning and approximate reasoning.
    ZHAO Xusheng, born in 2000. His research interests include machine learning and cyber security.
    GAO Xinbao, born in 1999. His research interests include machine learning and cyber security.
  • Supported by:
    National Natural Science Foundation of China(62076088);Natural Science Foundation of Hebei Provincial Education Department(QN2021083);Technological Innovation Foundation of Hebei Normal University(L2020K09)

多视角层次聚类下的无线网络入侵检测算法

董新玉1,2, 解滨1,2,3,+(), 赵旭升1, 高新宝1   

  1. 1.河北师范大学 计算机与网络空间安全学院,石家庄 050024
    2.河北师范大学 河北省网络与信息安全重点实验室,石家庄 050024
    3.河北师范大学 供应链大数据分析与数据安全河北省工程研究中心,石家庄 050024
  • 通讯作者: +E-mail: xiebin_hebtu@126.com
  • 作者简介:董新玉(1995—),女,河北石家庄人,硕士,主要研究方向为机器学习、网络安全。
    解滨(1976—),男,吉林通化人,博士,教授,硕士生导师,主要研究方向为粒计算、机器学习、近似推理。
    赵旭升(2000—),男,河北石家庄人,主要研究方向为机器学习、网络安全。
    高新宝(1999—),男,河北沧州人,主要研究方向为机器学习、网络安全。
  • 基金资助:
    国家自然科学基金(62076088);河北省教育厅自然科学基金项目(QN2021083);河北师范大学技术创新基金项目(L2020K09)

Abstract:

Aiming at the problems of high false detection rate, difficult to find unknown attack behavior and high cost of obtaining marked data in existing wireless network intrusion detection algorithms based on supervised learning, this paper proposes an unsupervised wireless network intrusion detection algorithm based on multiple perspectives hierarchical clustering. The algorithm is based on unsupervised learning, and does not need to manually mark a large number of wireless network data participating in classifier learning. It has the advantages of easy access to training datasets and detection of unknown types of attack behavior. At the same time, the algorithm introduces multiple perspectives cosine distance as the similarity measure between wireless network data objects in hierarchical clustering, which makes the clustering results more reasonable and the judgment of network data behavior more accurate, and reduces the false detection rate of intrusion detection to a certain extent. In this paper, Aegean WIFI intrusion dataset (AWID) is selected as the experimental dataset, and principal component analysis is used to reduce the dimension of the experimental dataset, which greatly reduces the time complexity of intrusion detection algorithm. Experimental results show that the proposed wireless network intrusion detection algorithm based on multiple perspectives hierarchical clustering has a significant improvement in detection rate, false detection rate and detection of unknown attack types compared with traditional wireless network intrusion detection algorithms.

Key words: multiple perspectives, hierarchical clustering, wireless network, intrusion detection, principal component analysis (PCA)

摘要:

针对现有基于监督学习的无线网络入侵检测算法误检率高、难以发现未知类型攻击行为、获取带标记网络数据代价大的问题,提出一种基于多视角层次聚类的无监督无线网络入侵检测算法。该算法基于无监督学习,不需要为参与分类器学习的大量无线网络数据进行人工标记,具有易获取训练数据集和发现未知类型攻击行为的优势,同时该算法引入多视角余弦距离作为层次聚类中无线网络数据对象间相似性度量,使聚类结果更加合理,对网络数据行为的判定更加准确,在一定程度上降低了入侵检测的误检率。选用公开无线网络攻击数据集(AWID)进行实验,通过主成分分析法对实验数据集进行降维处理,很大程度上降低了入侵检测算法的时间复杂度。实验结果表明,与传统的无线网络入侵检测算法相比,提出的多视角层次聚类下的无线网络入侵检测算法在检测率、误检率和发现未知攻击类型等性能上都有显著提升。

关键词: 多视角, 层次聚类, 无线网络, 入侵检测, 主成分分析(PCA)

CLC Number: