Author Login Editor-in-Chief Peer Review Editor Work Office Work

Computer Engineering ›› 2020, Vol. 46 ›› Issue (3): 144-150. doi: 10.19678/j.issn.1000-3428.0053018

• Cyberspace Security • Previous Articles     Next Articles

Intrusion Detection Method Based on Ensemble Deep Forests

DING Longbin, WU Zhongdong, SU Jiali   

  1. School of Electronic and Information Engineering, Lanzhou Jiaotong University, Lanzhou 730070, China
  • Received:2018-10-29 Revised:2018-12-19 Published:2019-04-22

基于集成深度森林的入侵检测方法

丁龙斌, 伍忠东, 苏佳丽   

  1. 兰州交通大学 电子与信息工程学院, 兰州 730070
  • 作者简介:丁龙斌(1992-),男,硕士研究生,主研方向为网络安全、深度学习;伍忠东,教授;苏佳丽,硕士研究生。
  • 基金资助:
    甘肃省高等学校协同创新团队项目(2017C-09);兰州市科技计划项目(2018-1-51)。

Abstract: In practical application,the Convolutional Neural Network(CNN)-based intrusion detection method has some problems,such as long training time,a large number of hyper parameters,and a large amount of required data.In order to reduce the complexity of training and improve the efficiency of intrusion detection,this paper proposes an detection method based on Ensemble Deep Forests(EDF).On the basis of analyzing the hidden layer structure of CNN and the Bagging integration strategy of ensemble learning,the method constructs a Random Forest(RF) layer.Then the features randomly selected by the RF input are trained in each layer.The output class vectors and feature vectors are spliced,and iterations are passed to the next layer.Training continues until the model converges.Experimental results on the NSL-KDD dataset show that compared with the CNN algorithm,the EDF algorithm can improve the convergence speed by more than 50% while ensuring the classification accuracy,which proves the efficiency and feasibility of the EDF algorithm.

Key words: intrusion detection, Convolutional Neural Network(CNN), deep learning, Random Forests(RF), Deep Forests(DF)

摘要: 基于卷积神经网络(CNN)的入侵检测方法在实际应用中模型训练时间过长、超参数较多、数据需求量大。为降低计算复杂度,提高入侵检测效率,提出一种基于集成深度森林(EDF)的检测方法。在分析CNN的隐藏层结构和集成学习的Bagging集成策略的基础上构造随机森林(RF)层,对每层中RF输入随机选择的特征进行训练,拼接输出的类向量和特征向量并向下层传递迭代,持续训练直至模型收敛。在NSL-KDD数据集上的实验结果表明,与CNN算法相比,EDF算法在保证分类准确率的同时,其收敛速度可提升50%以上,证明了EDF算法的高效性和可行性。

关键词: 入侵检测, 卷积神经网络, 深度学习, 随机森林, 深度森林

CLC Number: