Abstract: An Intrusion Detection System (IDS) plays an important role in discovering network anomalies and attacks. However, traditional IDS have a high false alarm rate and cannot accurately analyze and identify abnormal traffic. In recent years, deep learning technology has been successfully used in the detection of network traffic anomalies, but it is difficult to effectively extract important features from traffic data using simple Deep Neural Network (DNN) models. To address these problems, this study proposes a DNN network traffic anomaly detection model based on stacked convolutional attention. It stacks multiple attention modules connected by residual modules to increase the depth of the network model, and introduces a Convolutional Neural Network (CNN), a pooling layer, a batch normalization layer, and an activation function layer into the attention module to prevent overfitting and improve the performance of the model. Finally, the output vector is obtained in the DNN model. The NSL-KDD dataset is used to evaluate the proposed model. The dataset is preprocessed to generate binary features, and multi-class and binary classification are then used to verify the effect of network traffic anomaly detection. Compared with machine learning models such as KNN and SVM, and deep learning models such as ANN and AlertNet, the experimental results show that the accuracy, precision, and F1 score of the proposed model are better than those of the comparison models. In the multi-class classification task, the recognition accuracy is 0.8076, which is 0.0340~0.0975 higher than that of the comparison models. In the binary classification task, the accuracy and F1 score are 0.8600 and 0.8638, respectively, which are 0.0130~0.0988 and 0.0306~0.1128 higher than those of the comparison models.
Keywords: network traffic anomaly detection; Intrusion Detection System (IDS); Deep Neural Network (DNN); stacked convolutional attention