Computer Engineering

Intrusion Detection Method Based on a Memory Module and a Filtered Generative Adversarial Network

  • Published: 2023-11-14

Abstract: To address the low accuracy and tendency to overfit of existing network intrusion detection methods when abnormal samples are limited, an intrusion detection method based on a memory module and a filtered generative adversarial network (MemFGAN) is proposed. In the generative adversarial network, the generator adopts an encoder-decoder structure and introduces a memory module that learns the feature vectors of normal samples for memory augmentation. The generator encodes a given input and uses the encoding as a query to retrieve the most relevant items in the memory module for reconstruction, and the generator's reconstruction error serves as the anomaly score for intrusion detection. A filter is added before the discriminator to filter out abnormal samples, and the discriminator loss is used to improve the generator's ability to generate normal samples, thereby lowering their anomaly scores. In addition, new training objectives are designed for the generator and the discriminator, respectively, so that known anomalies supervise the generator and reduce its ability to reconstruct abnormal samples, enlarging their anomaly scores; this improves the model's intrusion detection accuracy and alleviates overfitting. Experimental results on four intrusion detection datasets, MAWILab, ISCX2012, IDS2017, and IDS2018, show that, compared with the baseline methods, MemFGAN improves the F1-score by 0.147 on average, achieves good accuracy and generalization in intrusion detection, and maintains good detection capability when abnormal samples are limited.
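The scoring step described in the abstract (query the memory with the encoded input, reconstruct from the most relevant items, use the reconstruction error as the anomaly score), as an added example that is not code from the paper. It assumes an identity encoder and decoder, cosine-similarity softmax addressing (a common choice in memory-augmented autoencoders, not stated in the abstract), and constructed memory items, temperature and threshold; the GAN training, filter and discriminator are not modelled.

```python
import math

# Constructed memory: prototype feature vectors of normal traffic in a
# hypothetical 3-feature latent space (in the paper these are learned).
MEMORY = [
    [0.9, 0.1, 0.0],
    [0.8, 0.2, 0.1],
    [0.1, 0.9, 0.0],
]

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0

def address(query, memory, temperature=0.1):
    """Softmax over cosine similarity (assumed addressing scheme):
    the most relevant memory items receive the largest weights."""
    sims = [cosine(query, m) / temperature for m in memory]
    peak = max(sims)                      # subtract max for numerical stability
    exps = [math.exp(s - peak) for s in sims]
    total = sum(exps)
    return [e / total for e in exps]

def reconstruct(query, memory):
    """Rebuild the query only from memory items (a convex combination),
    so inputs unlike every stored normal pattern cannot be rebuilt well."""
    w = address(query, memory)
    return [sum(w[i] * memory[i][d] for i in range(len(memory)))
            for d in range(len(memory[0]))]

def anomaly_score(x, memory=MEMORY):
    """Mean squared reconstruction error (encoder/decoder assumed identity)."""
    r = reconstruct(x, memory)
    return sum((a - b) ** 2 for a, b in zip(x, r)) / len(x)

def detect(x, threshold=0.05):            # threshold is a constructed value
    return anomaly_score(x) > threshold

if __name__ == "__main__":
    normal = [0.85, 0.15, 0.05]           # constructed: near stored patterns
    attack = [0.10, 0.10, 0.95]           # constructed: unlike any stored pattern
    for name, x in (("normal", normal), ("attack", attack)):
        print(name, round(anomaly_score(x), 4), detect(x))
```

Because the reconstruction can only be a weighted mix of stored normal patterns, the constructed attack vector scores several orders of magnitude higher than the normal one.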