期刊名称:International Journal of Distributed Sensor Networks
印刷版ISSN:1550-1329
电子版ISSN:1550-1477
出版年度:2009
卷号:5
DOI:10.1080/15501320802540488
出版社:Hindawi Publishing Corporation
摘要:This paper proposes a novel network anomaly detection method employing wavelet fuzzy neural network (WFNN) to use modified Quantum-Behaved Particle Swarm Optimization (QPSO). In this paper, wavelet transform is applied to extract fault characteristics from the anomaly state. Fuzzy theory and neural network are employed to fuzzify the extracted information. Wavelet is then integrated with fuzzy neural network to form the wavelet fuzzy neural network (WFNN). The Quantum-Behaved Particle Swarm Optimization proposed by Jun Sun, which outperforms the other optimization algorithm considerably on its simple architecture and fast convergence, has previously applied to solve the optimum problem. However, the QPSO also has its own shortcomings. In QPSO if a particle flew off the boundary (the search area), the algorithm usually would regard the position value of the particle as the value of the boundary. If the boundary is at the position of local optimum, the particles were trapped into local optimum easily. It is impossible for them to arrive at the global optimum. With the increase of particle, the diversity of swam would be declined and the global search quality of the algorithm would be also declined. In the modified algorithm, it shows that the particles field off the boundary were distributed in the c*r and () search space. The diversity of swam and the global search quality would be enhanced. So there exists a modified QPSO which is employed to train WFNN in this paper. We have demonstrated performance comparisons to QPSO-WFNN, PSO-WFNN using the same data set extracts from the KDD99 Datasets, and the results have shown that the MQPSO-WFNN model exhibits superior performance with a higher attack detection rate and lower false positive rate. Experiments with KDD Cup 1999 connection traffic data have shown that this model is able to effectively detect intrusive behaviors. It also shows the remarkable ability of our IDS to detect new type of attacks.
