abstract |
The invention discloses a classification method suitable for intrusion detection. According to the characteristics that the SVM classification algorithm is sensitive to unbalanced data sets and classifies in the kernel space, the minority class sample set in the training sample set is based on the kernel SMOTE oversampling, and at the same time adopt a mixed sampling method based on kernel-based fuzzy C-means clustering and undersampling for the majority class sample set to realize the balanced preprocessing of the unbalanced training data set, and then use Bagging on the newly obtained training sample set The ensemble learning method trains an ensemble classifier based on SVM. The model trained by this method can not only effectively improve the disadvantages of the traditional SVM intrusion detection model, such as unsatisfactory recognition of intrusion data and high misjudgment rate of normal data, but also the Bagging integration algorithm adopted is suitable for large-scale parallel computing. |