基于改进孤立森林的大规模网络人侵攻击检测研究

打开文本图片集

中图分类号：TN711-34；TP391 文献标识码：A 文章编号：1004-373X（2025）15-0098-05

Research on large-scale network intrusion attack detection basedonimprovedisolationforest

XU Wei²，LENG Jing² （1.WuhanUniversity，Wuhan43oO72，China; 2.Department of Information Technology，Hubei University of Police，Wuhan 43oo34，China）

Abstract：Becauseof thelarge-scalenetwork，theperformance of the detection process fluctuatesgreatly，and the identificationaccuracyofpotentialatacksispoor.Therefore，alarge-scalenetwork intrusionattckdetectionmethodbasedon improvedisolationforestisproposed.Alarge-scalenetwork intrusionatack detectionframework isbuilt.Thelarge-scalenetwork dataarecollctedandpreprocessd.Thelrge-scalenetworktraffcfeaturesareextractedbyasociation-basedfeatureselection methodsandtransmittedintothe intrusionattack detectionmodule.Intheintrusionatack detection module，animproved isolatioforestalgorithmisadoptedtocalculatetheabnormalscoreoffeaturedatabytraversingnetworktraficfeaturedata basedonisolationtrees，solateaboraldatapointsccuratelyandachieveattackdetection.Onceananomalyiseteedthe logalarmodulesendsanalertandrecordsthecorespondingrulesintherulelibrary.Theexperimentalresultsshowthatthe abnormalscorecalculationresultsof theproposed methodarewithintherangeofO.79～O.99，whichcan identifyintrusionaack traffic accurately，and its detection accuracy rate exceeds 99%.

Keywords：improvedisolationforest;large-scalenetwork；invasionattack；segmentationpoint;traficfeature;abnoral score;feature selection

0 引言

大规模网络人侵攻击常带来数据泄露、篡改及损毁风险，可能引发系统崩溃、服务停滞或性能衰退，甚至造成经济损失。（剩余5650字）