Improving Network Intrusion Detection Methods in Isolated Forests Based on Split Points
With the continuous increase in the complexity of network attacks,traditional supervised-based network intrusion detection algorithms struggle to accurately identify network access connections without category labels or with inconspicuous features.Additionally,unsupervised network intrusion detection algorithms face challenges such as low detection efficiency and accuracy.To enhance the performance of network intrusion detection further,this study employs an Auto-Encoders(AE)combined with a split point-improved isolation forest model for detecting network intrusions.First,L1 regularization is applied to unsupervised AE to enhance their sparsity.By learning the intrinsic structure of the data,discriminative features are adaptively extracted for intrusion attack feature extraction.Thereafter,the improved isolation forest is employed to separate the anomalous points and determine the optimal hyperplane for partitioning based on the ratio of the maximum mean to the standard deviation to construct the isolation tree.This endows the isolation tree with a strong ability to isolate exceptional values from relevant subspaces.Anomaly traffic is determined by calculating the average path length of all data points in the isolation trees.The proposed approach is tested on the KDDCUP99 and UNSW-NB15 datasets,and compared with six traditional unsupervised methods.The results indicate that the proposed method improves accuracy and recall rates by approximately 20%compared to traditional Isolation Forest,and enhances F1 and Area Under Curve(AUC)values by approximately 10%.Moreover,it significantly reduces the misclassification rate compared with other unsupervised methods.
network intrusion detectionSparse Auto-Encoder(SAE)isolated forestsunsupervised learningisolate tree
万方数据
维普
