融合CNN与BiLSTM的网络入侵检测方法

doi:10.19678/j.issn.1000-3428.0053263

摘要/Abstract

摘要： 针对网络入侵检测准确率偏低而误报率偏高的问题，提出一种融合卷积神经网络（CNN）与双向长短期记忆（BiLSTM）网络的网络入侵检测方法。对KDDcup99数据集进行预处理，并分别使用CNN模型、BiLSTM模型提取局部特征和长距离依赖特征，通过注意力机制计算特征的重要性，利用softmax分类器获得最终的分类结果。实验结果表明，与基于CNN和基于LSTM的方法相比，该方法的网络入侵检测效果较好，其准确率可提高至95.0%，误检率可降低至5.1%。

关键词: 深度学习, 卷积神经网络, 双向长短期记忆, 注意力机制, 入侵检测

Abstract: To address the problem of low network intrusion detection accuracy and high false positive rate,a network intrusion detection method integrating Convolutional Neural Network(CNN) and Bidirectional Long Short-Term Memory(BiLSTM) network is proposed.The KDDcup99 data set is preprocessed,and the local features and long-distance dependent features are extracted using the CNN model and the BiLSTM model,respectively.The importance of features is calculated by using the introduced attention mechanism,and the final classification results are obtained by using the softmax classifier.Experimental results show that compared with CNN-based and LSTM-based methods,the proposed method has better network intrusion detection performance,its accuracy can be improved to 95.0%,and the false detection rate can be reduced to 5.1%.

Key words: deep learning, Convolutional Neural Network(CNN), Bidirectional Long Short-Term Memory(BiLSTM), attention mechanism, intrusion detection

中图分类号:

TP393

刘月峰, 蔡爽, 杨涵晰, 张晨荣. 融合CNN与BiLSTM的网络入侵检测方法[J]. 计算机工程, 2019, 45(12): 127-133.

LIU Yuefeng, CAI Shuang, YANG Hanxi, ZHANG Chenrong. Network Intrusion Detection Method Integrating CNN and BiLSTM[J]. Computer Engineering, 2019, 45(12): 127-133.

http://www.ecice06.com/CN/Y2019/V45/I12/127

图/表 12

20191214132337

20191214132340

20191214132343

20191214132345

20191214132349

20191214132352

20191214132354

20191214132357

20191214132400

20191214132403

20191214132405

20191214132408

参考文献

[1] LUO Bin,XIA Jingbo.A novel intrusion detection system based on festure generation with visualization strategy[J].Expert Systems with Applications,2014,41(9):4139-4147.
[2] SANTORO D,ESCUDERO-ANDREU G,KYRIAKO P G,et al.A hybrid intrusion detection system for virtual jamming attacks on wireless networks[J].Measurement,2017,109:79-87.
[3] ABBES T,BOUHOULA A,RUSINOWITCH M.Efficient decision tree for protocol analysis in intrusion detection[J].International Journal of Security and Networks,2010,5(4):220-235.
[4] ZHAO Huiqun,LIU Jinluan.Research on complex event big data processing system test data generation method based on Bayesian network[J].Application Research of Computers,2018,35(8):155-158,162.(in Chinese)赵会群,刘金銮.基于贝叶斯网络的复杂事件大数据处理系统测试数据生成方法研究[J].计算机应用研究,2018,35(8):155-158,162.
[5] LI Shuohao,ZHANG Jun.Review of Bayesian networks structure learning[J].Application Research of Computers,2015,32(3):641-646.(in Chinese)李硕豪,张军.贝叶斯网络结构学习综述[J].计算机应用研究,2015,32(3):641-646.
[6] WANG Haiyan,LI Jianhui,YANG Fenglei.Overview of support vector machine analysis and algorithm[J].Application Research of Computers,2014,31(5):1281-1286.(in Chinese)汪海燕,黎建辉,杨风雷.支持向量机理论及算法研究综述[J].计算机应用研究,2014,31(5):1281-1286.
[7] SINGH R,KUMAR H,SINGLA R K.An instrsion detection system using network traffic profiling and online sequential extreme learning machine[J].Expert Systems with Applications,2015,42(22):8609-8624.
[8] GU G X,CHEN C,BUEHLER M J.De novo composite design based on machine learning algorithm[J].Extreme Mechanics Letters,2018(18):19-28.
[9] WANG Wei,ZHU Ming,ZENG Xuewen,et al.Malware traffic classification using convolutional neural network for representation learning[C]//Proceedings of 2017 International Conference on Information Networking.Washington D.C.,USA:IEEE Press,2017:712-717.
[10] JAVAID A,NIYAZ Q,SUN Wenqing,et al.A deep learning approach for network intrusion detection system[C]//Proceedings of the 9th EAI International Conference on Bio-inspired Information and Communications Technologies.New York,USA:ACM Press,2016:21-26.
[11] QU Feng,ZHANG Jitao,SHAO Zetian,et al.An intrusion detection model based on deep belief networks[C]//Proceedings of 2014 International Conference on Network,Communication and Computing.New York,USA:ACM Press,2014:97-101.
[12] ZHANG Yuqing,DONG Ying,LIU Caiyun,et al.Situation,trends and prospects of deep learning applied to cyberspace security[J].Journal of Computer Research and Development,2018,55(6):1117-1142.(in Chinese)张玉清,董颖,柳彩云,等.深度学习应用于网络空间安全的现状、趋势与展望[J].计算机研究与发展,2018,55(6):1117-1142.
[13] KIM J,KIM J,THU H L T,et al.Long short term memory recurrent neural network classifier for intrusion detection[C]//Proceedings of 2016 International Conference on Platform Technology and Service.Washington D.C.,USA:IEEE Press,2016:1-5.
[14] SHEN Xiajiong,WANG Long,HAN Daojun.Application of BP neural network optimized by artificial bee colony in intrusion detection[J].Computer Engineering,2016,42(2):190-194.(in Chinese)沈夏炯,王龙,韩道军.人工蜂群优化的BP神经网络在入侵检测中的应用[J].计算机工程,2016,42(2):190-194.
[15] ZHU Huming,LI Pei,JIAO Licheng,et al.Review of parallel deep neural network[J].Chinese Journal of Computers,2018,41(8):1861-1881.(in Chinese)朱虎明,李佩,焦李成,等.深度神经网络并行化研究综述[J].计算机学报,2018,41(8):1861-1881.
[16] JIA Fan,KONG Lingzhi.Intrusion detection algorithm based on convolutional neural network[J].Transactions of Beijing Institute of Technology,2017,37(12):1271-1275.(in Chinese)贾凡,孔令智.基于卷积神经网络的网络入侵检测算法[J].北京理工大学学报,2017,37(12):1271-1275.
[17] HASSAN A,MAHMOOD A.Efficient deep learning model for text classification based on recurrent and convolutional layers[C]//Proceedings of IEEE International Conference on Machine Learning and Applications.Washington D.C.,USA:IEEE Press,2018:1108-1113.
[18] YIN Rui,SU Songzhi,LI Shaozi.Convolutional neural network's image moment regularizing strategy[J].CAAI Transactions on Intelligent Systems,2016,11(1):43-48.(in Chinese)殷瑞,苏松志,李绍滋.一种卷积神经网络的图像矩正则化策略[J].智能系统学报,2016,11(1):43-48.
[19] MEDHAT W,HASSAN A,KORASHY H.Sentiment analysis algorithms and applications:a survey[J].Ain Shams Engineering Journal,2014,5(4):1093-1113.
[20] STAUDEMEYER R C.Applying long short-term memory recurrent neural networks to intrusion detection[J].South African Computer Journal,2015,56(1):136-145.

选择文件类型/文献管理软件名称

选择包含的内容