Journal of University of Science and Technology of China ›› 2019, Vol. 49 ›› Issue (7): 544-554. DOI: 10.3969/j.issn.0253-2778.2019.07.004

• Original Paper •

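Network intrusion detection based on a selective ensemble of online adaptive extreme learning machines

HE Jiezhou

  1. 1. Hunan Provincial Key Laboratory of Intelligent Computing and Language Information Processing, Hunan Normal University, Changsha 410081, Hunan, China; 2. Key Laboratory of Computing and Stochastic Mathematics (Ministry of Education), Hunan Normal University, Changsha 410081, Hunan, China; 3. School of Information Science and Engineering, Central South University, Changsha 410081, Hunan, China
  • Received: 2018-09-21 Revised: 2018-12-04 Online: 2019-07-31 Published: 2019-07-31
  • Corresponding author: LIU Jinping
  • About the author: HE Jiezhou, male, born in 1994, master's student. Research interests: machine vision and pattern recognition. E-mail: hdc@smail.hunnu.edu.cn
  • Supported by:
    the National Natural Science Foundation of China (61501183, 61771492, 61472134), the Key Program of the National Natural Science Foundation of China-Guangdong Joint Fund (U1701261), the Natural Science Foundation of Hunan Province (2018JJ3349), and the Hunan Provincial Postgraduate Research and Innovation Project (CX2018B312).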

Selective ensemble of online sequential adaption ELMS-based adaptive network intrusion detection

HE Jiezhou   

  1. 1. Hunan Provincial Key Laboratory of Intelligent Computing and Language Processing, Changsha 410081, China; 2. Key Laboratory of Computing and Stochastic Mathematics(Ministry of Education), Changsha 410081, China; 3. School of Information Science and Engineering, Central South University, Changsha 410083, China
  • Received: 2018-09-21 Revised: 2018-12-04 Online: 2019-07-31 Published: 2019-07-31

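Abstract: With the spread of the Internet and the growing variety of network-connected devices and access methods, network intrusion methods and techniques are becoming increasingly diverse and mutate quickly. Traditional intrusion detection methods struggle to meet the security monitoring requirements of increasingly complex network environments in terms of effectiveness, adaptability and real-time performance. To address this, a network intrusion detection method based on selective learning of online adaption extreme learning machines (OAELM) is proposed, termed SEoOAELM-NID. First, an OAELM construction method is proposed that automatically sets the optimal number of hidden nodes and supports online incremental learning, and a Bagging strategy is used to quickly train multiple OAELM sub-learners with a certain degree of independence. Then, the ensemble gain of each OAELM sub-learner is computed according to the margin distance minimization (MDM) principle. By selecting the subset of OAELMs with high gain for selective ensembling, a selective ensemble learner with strong generalization ability and high efficiency is obtained for intrusion detection. Because SEoOAELM-NID automatically sets the optimal number of hidden nodes of the ELM sub-learners and updates the detection model online and sequentially as the network environment changes, it can effectively adapt to the intrusion detection requirements of various complex network environments. Ensembling only a subset of the best sub-learners ensures the accuracy and timeliness of the final detection results, while online data are used to continually update the detector. Test results on the NSL-KDD data set show that, compared with network intrusion detection methods based on a single learner or on traditional ensemble learning, SEoOAELM-NID, whether for known intrusion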

Key words: network intrusion detection, ensemble learning, online adaptive extreme learning machine

Abstract: The popularity of the Internet and network equipment and the diversity of access methods have brought about great convenience as well as huge security challenges. The ways and means of network intrusion are becoming more diversified and are changing faster. Traditional intrusion detection methods are unable to meet the security monitoring requirements of an increasingly complex network environment in terms of effectiveness, adaptability and real-time performance. This paper proposes a network intrusion detection method based on selective learning of online sequential Adaption Extreme Learning Machines (OAELMs), termed SEoOAELM-NID. First, an OAELM construction method with an online incremental update function is proposed, which can automatically set the optimal number of hidden nodes. A Bagging strategy is used to train several OAELM sub-learners with a certain degree of independence. Then, based on the Margin Distance Minimization (MDM) principle, the ensemble gain of each OAELM sub-learner is measured, and the sub-learners with high gain are selected and ensembled to obtain a selective ensemble of OAELMs with high generalization ability. SEoOAELM-NID has the advantages of automatic optimal setting of hidden nodes and online sequential update of ELM sub-learners, so it can effectively adapt to the intrusion detection requirements of various complex network environments. By selecting some optimal sub-learners for integration, the accuracy and effectiveness of the final detection results are guaranteed, and the detector is continually updated with online data. The test results on the NSL-KDD data set show that SEoOAELM-NID achieves higher detection rates and faster recognition speeds for known and unknown intrusion types than network intrusion detection methods based on a single learner or on traditional ensemble learning.

Key words: network intrusion detection, ensemble learning, online adaption ELM