融合改进自编码器和残差网络的入侵检测模型

doi:10.19678/j.issn.1000-3428.0066984

摘要/Abstract

摘要：

互联网中存在大量隐私数据，因此防止网络入侵成为保护网络安全的关键问题。为提高网络入侵检测的准确率并解决其收敛慢问题，设计一种改进的堆叠自动编码器和残差网络（ISAE-ResNet）入侵检测模型。融合栈式自编码器和残差网络，首先将预处理后的数据输入到改进的栈式自编码器中，该栈式自编码器由2个副编码器和1个主编码器组成，数据经过副编码器和主编码器训练后重构出新的特征来防止过拟合问题；然后将解码层的权重捆绑到编码层进行优化，使模型参数减半来进行降维，提高模型的收敛速度；最后将处理过的数据输入到改进的残差网络中，并基于改进的ResNet网络设计一种加入软阈值函数的残差模块，通过降低数据中的噪声来提高模型准确率。在CIC-IDS-2017数据集上的实验结果表明，该模型准确率为98.67%，真正例率为95.93%，误报率为0.37%，损失函数值快速收敛至0.042，在准确率、真正例率、误报率和收敛速度方面均超过对比入侵检测模型，具有较高的有效性和可行性。

关键词: 网络入侵检测, 深度学习, 栈式自编码器, 残差网络, CIC-IDS-2017数据集

Abstract:

The vast quantities of private data on the Internet necessitate robust network intrusion prevention to safeguard network security. This study introduces an Improve Stacked AutoEncoder-ResNet(ISAE-ResNet), combining an improved self-encoder and residual network (ISAE-ResNet), to augment network intrusion detection accuracy and address the challenge of slow convergence. The model integrates an improved stack self-encoder with the Residual Network(ResNet). Initially, preprocessed data are fed into the enhanced stack self-encoder, consisting of two sub-encoders and a main encoder. By training these components, data is reconstructed with novel features to mitigate fitting issues. The advanced stack self-encoder synchronizes the weights of the decoding and encoding layers, thereby reducing model parameters by half, diminishing dimensionality, and accelerating convergence. Subsequently, the processed data is introduced into the refined ResNet, incorporating a residual module equipped with a soft threshold function to enhance accuracy by diminishing data noise. The model's efficacy and feasibility are evaluated using the CIC Intrusion Detection Systems-2017 dataset(CIC-IDS-2017). Results demonstrated a 98.67% accuracy rate, a 95.93% true case rate, a mere 0.37% false alarm rate, and rapid convergence of the loss function value to 0.042. These metrics surpass existing models in terms of accuracy, true case rate, false alarm rate, and convergence speed, thereby affirming the high validity and feasibility of the proposed intrusion detection model.

Key words: network intrusion detection, deep learning, stack self-encoder, residual network, CIC-IDS-2017 dataset

陈虹, 王瀚文, 金海波. 融合改进自编码器和残差网络的入侵检测模型[J]. 计算机工程, 2024, 50(2): 188-195.

Hong CHEN, Hanwen WANG, Haibo JIN. Intrusion Detection Model Combining Improved Self-Encoder and Residual Network[J]. Computer Engineering, 2024, 50(2): 188-195.

https://www.ecice06.com/CN/Y2024/V50/I2/188

图/表 10

图1 残差模块

Fig.1 Residual module

图2 ISAE-ResNet入侵检测模型

Fig.2 ISAE-ResNet intrusion detection model

图3 改进的栈式自编码器

Fig.3 Improved stack self-encoder

图4 改进的ResNet网络结构

Fig.4 Improved ResNet network structure

图5 损失函数值对比

Fig.5 Comparison of loss function values

图6 不同模型的准确率对比

Fig.6 Accuracy comparison of different models

参考文献 26

1	刘剑, 苏璞睿, 杨珉, 等. 软件与网络安全研究综述. 软件学报, 2018, 29(1): 42- 68.
	LIU J, SU P R, YANG M, et al. Survey of software and cyber security resesrch. Journal of Software, 2018, 29(1): 42- 68.
2	王小群, 丁丽, 严寒冰, 等. 2020年我国互联网网络安全态势综述. 保密科学技术, 2021,(5): 3- 10.
	WANG X Q, DING L, YAN H B, et al. Summary of China's Internet network security situation in 2020. Secrecy Science and Technology, 2021,(5): 3- 10.
3	刘奇旭, 王君楠, 尹捷, 等. 对抗机器学习在网络入侵检测领域的应用. 通信学报, 2021, 42(11): 1- 12.
	LIU Q X, WANG J N, YIN J, et al. Application of adversarial machine learning in network intrusion detection. Journal on Communications, 2021, 42(11): 1- 12.
4	张蕾, 崔勇, 刘静, 等. 机器学习在网络空间安全研究中的应用. 计算机学报, 2018, 41(9): 1943- 1975.
	ZHANG L, CUI Y, LIU J, et al. Application of machine learning in cyberspace security research. Chinese Journal of Computers, 2018, 41(9): 1943- 1975.
5	张玲, 白中英, 罗守山, 等. 基于粗糙集和人工免疫的集成入侵检测模型. 通信学报, 2013, 34(9): 166- 176.
	ZHANG L, BAI Z Y, LUO S S, et al. Integrated intrusion detection model based on rough set and artificial immune. Journal on Communications, 2013, 34(9): 166- 176.
6	李洋, 方滨兴, 郭莉, 等. 基于主动学习和TCM-KNN方法的有指导入侵检测技术. 计算机学报, 2007, 30(8): 1464- 1473.
	LI Y, FANG B X, GUO L, et al. Supervised intrusion detection based on active learning and TCM-KNN algorithm. Chinese Journal of Computers, 2007, 30(8): 1464- 1473.
7	周杰英, 贺鹏飞, 邱荣发, 等. 融合随机森林和梯度提升树的入侵检测研究. 软件学报, 2021, 32(10): 3254- 3265.
	ZHOU J Y, HE P F, QIU R F, et al. Research on intrusion detection based on random forest and gradient boosting tree. Journal of Software, 2021, 32(10): 3254- 3265.
8	GAO X W, SHAN C, HU C Z, et al. An adaptive ensemble machine learning model for intrusion detection. IEEE Access, 2019, 7, 82512- 82521. doi: 10.1109/ACCESS.2019.2923640
9	HU W M, HU W, MAYBANK S. AdaBoost-based algorithm for network intrusion detection. IEEE Transactions on Systems, Man, and Cybernetics, 2008, 38(2): 577- 583. doi: 10.1109/TSMCB.2007.914695
10	MABU S, CHEN C, LU N N, et al. An intrusion-detection model based on fuzzy class-association-rule mining using genetic network programming. IEEE Transactions on Systems, Man, and Cybernetics, 2011, 41(1): 130- 139. doi: 10.1109/TSMCC.2010.2050685
11	KUMAR R, ZHANG X KHAN R U, et al. Malicious code detection based on image processing using deep learning[C]//Proceedings of 2018 International Conference on Computing and Artificial Intelligence. New York, USA : ACM Press, 2018: 81-85.
12	麻文刚, 张亚东, 郭进. 基于LSTM与改进残差网络优化的异常流量检测方法. 通信学报, 2021, 42(5): 23- 40.
	MA W G, ZHANG Y D, GUO J. Abnormal traffic detection method based on LSTM and improved residual neural network optimization. Journal on Communications, 2021, 42(5): 23- 40.
13	尹晟霖, 张兴兰, 左利宇. 双重路由深层胶囊网络的入侵检测系统. 计算机研究与发展, 2022, 59(2): 418- 429.
	YIN S L, ZHANG X L, ZUO L Y. Intrusion detection system for dual route deep capsule network. Journal of Computer Research and Development, 2022, 59(2): 418- 429.
14	刘金硕, 詹岱依, 邓娟, 等. 基于深度神经网络和联邦学习的网络入侵检测. 计算机工程, 2023, 49(1): 15-21, 30. URL
	LIU J S, ZHAN D Y, DENG J, et al. Network intrusion detection based on deep neural network and federated learning. Computer Engineering, 2023, 49(1): 15-21, 30. URL
15	杨秀璋, 彭国军, 罗元, 等. OMRDetector: 一种基于深度学习的混淆恶意请求检测方法. 计算机学报, 2022, 45(10): 2167- 2189.
	YANG X Z, PENG G J, LUO Y, et al. OMRDetector: a method for detecting obfuscated malicious requests based on deep learning. Chinese Journal of Computers, 2022, 45(10): 2167- 2189.
16	LOTFOLLAHI M, JAFARI SIAVOSHANI M. Deep packet: a novel approach for encrypted traffic classification using deep learning. Soft Computing, 2020, 24(3): 1999- 2012. doi: 10.1007/s00500-019-04030-2
17	ZAVRAK S, ISKEFIYELI M. Anomaly-based intrusion detection from network flow features using variational autoencoder. IEEE Access, 2020, 8, 108346- 108358. doi: 10.1109/ACCESS.2020.3001350
18	来杰, 王晓丹, 向前, 等. 自编码器及其应用综述. 通信学报, 2021, 42(9): 218- 230.
	LAI J, WANG X D, XIANG Q, et al. Review on autoencoder and its application. Journal on Communications, 2021, 42(9): 218- 230.
19	WANG W J, DU X H, SHAN D B, et al. Cloud intrusion detection method based on stacked contractive auto-encoder and support vector machine. IEEE Transactions on Cloud Computing, 2022, 10(3): 1634- 1646. doi: 10.1109/TCC.2020.3001017
20	ZHAO R J, YIN J, XUE Z, et al. An efficient intrusion detection method based on dynamic autoencoder. IEEE Wireless Communications Letters, 2021, 10(8): 1707- 1711. doi: 10.1109/LWC.2021.3077946
21	YAN B H, HAN G D. Effective feature extraction via stacked sparse autoencoder to improve intrusion detection system. IEEE Access, 2018, 6, 41238- 41248. doi: 10.1109/ACCESS.2018.2858277
22	ZHANG B A, YU Y H, LI J. Network intrusion detection based on stacked sparse autoencoder and binary tree ensemble method[C]//Proceedings of IEEE International Conference on Communications Workshops. Washington D. C., USA: IEEE Press, 2018: 1-6.
23	AL-QATF M, YU L S, AL-HABIB M, et al. Deep learning approach combining sparse autoencoder with SVM for network intrusion detection. IEEE Access, 2018, 6, 52843- 52856. doi: 10.1109/ACCESS.2018.2869577
24	BENGIO Y, LAMBLIN P, POPOVICI D, et al. Greedy layer-wise training of deep networks[C]//Proceedings of Advances in Neural Information Processing Systems. Cambridge, USA: MIT Press, 2007: 153-160.
25	HE K M, ZHANG X Y, REN S Q, et al. Deep residual learning for image recognition[C]//Proceedings of IEEE Conference on Computer Vision and Pattern Recognition. Washington D. C., USA: IEEE Press, 2016: 770-778.
26	SHARAFALDIN I, LASHKARI A H. Toward generating a new intrusion detection dataset and intrusion traffic characterization[C]//Proceedings of the 4th International Conference on Information Systems Security and Privacy. Washington D. C., USA: IEEE Press, 2021: 267-278.

[1]	魏嵬, 丁香香, 郭梦星, 杨钊, 刘辉. 文本相似度计算方法综述[J]. 计算机工程, 2024, 50(9): 18-32.
[2]	朱凯, 李理, 张彤, 江晟, 别一鸣. 基于Transformer的多阶段运动模糊图像修复网络[J]. 计算机工程, 2024, 50(9): 276-285.
[3]	张天鹏, 韩晶, 吕学强. 基于多任务学习的超分辨率辅助小目标检测[J]. 计算机工程, 2024, 50(9): 304-312.
[4]	高煜宝, 文志诚. 基于注意力机制的双路解码器图像去噪方法[J]. 计算机工程, 2024, 50(9): 324-332.
[5]	张华青, 夏张涛, 陆晓庆, 童基均. 基于字形特征的血管外科命名实体识别[J]. 计算机工程, 2024, 50(8): 13-21.
[6]	张亚洲, 和玉, 戎璐, 王祥凯. 基于上下文知识增强型Transformer网络的抑郁检测[J]. 计算机工程, 2024, 50(8): 75-85.
[7]	高伟, 李帅龙, 茆琳, 王磊, 李颖颖, 韩林. 一种基于TVM的算子生成加速策略[J]. 计算机工程, 2024, 50(8): 353-362.
[8]	王宇, 祁琦, 王纯, 许才. 储能变流器信号高精度故障诊断方法[J]. 计算机工程, 2024, 50(8): 389-396.
[9]	牛瑞婷, 严天峰, 高锐, 王映植. 低信噪比下基于深度学习TCNN-MobileNet的调制识别[J]. 计算机工程, 2024, 50(7): 204-215.
[10]	肖慈, 徐杨, 张永丹, 冯明文, 黄易仟. 结合注意力和低光增强的夜间语义分割[J]. 计算机工程, 2024, 50(7): 271-281.
[11]	张诗婧, 莫绪涛, 赵行, 董杨林. 基于球面折反射成像和YOLOv7的内螺纹缺陷检测[J]. 计算机工程, 2024, 50(7): 282-292.
[12]	徐明亮, 李芳媛, 马浩然, 何飞. 大规模神经记录的峰电位聚类算法(特邀)[J]. 计算机工程, 2024, 50(6): 1-34.
[13]	魏琢艺, 罗迈, 李文兵, 曾远松, 余伟江, 杨跃东. 基于多源域适应的单细胞智能分类[J]. 计算机工程, 2024, 50(6): 48-55.
[14]	李子杰, 周菊香, 韩晓瑜, 甘健侯, 鹿泽光, 王俊. 序列特征与学习过程融合的知识追踪模型[J]. 计算机工程, 2024, 50(6): 77-85.
[15]	余长宏, 许孔豪, 张泽, 高明. 基于分割点改进孤立森林的网络入侵检测方法[J]. 计算机工程, 2024, 50(6): 148-156.

选择文件类型/文献管理软件名称

选择包含的内容