2024, 07, v.34 87-92
Intrusion Detection Model Based on Dilated Convolution and BiLSTM
Foundation: Regional Science Fund Project of the National Natural Science Foundation of China (62162052)
DOI: 10.20165/j.cnki.ISSN1673-629X.2024.0099
Abstract:

Deep-learning-based intrusion detection systems suffer from poor local feature extraction, a single extraction dimension, prediction accuracy that needs improvement, and high model computation cost. To address these problems, an intrusion detection model based on a Dilated Convolution Network (DCN) and a Bidirectional Long Short-Term Memory network (BiLSTM) is proposed. First, an improved three-layer DCN structure is used for local feature extraction, which addresses the poor local feature extraction and the single extraction dimension. Second, dilated convolution is combined with BiLSTM to address the prediction accuracy problem. Finally, grouped convolution is introduced to make the model lightweight, which addresses the high computational cost. Experiments were conducted on the public dataset CICIDS2017. Comparison with traditional models and existing intrusion detection methods shows that the proposed model performs well. Its high prediction accuracy, recall, and F1 score demonstrate its effectiveness and feasibility.


Basic information:

CLC number: TP393.08; TP18

Citation:

[1] LI Yimeng, GAO Yuzhuo. Intrusion detection model based on dilated convolution and BiLSTM[J]. Computer Technology and Development, 2024, 34(07): 87-92. DOI: 10.20165/j.cnki.ISSN1673-629X.2024.0099.
