基于特征选择和时空特征的网络入侵检测

doi:10.19678/j.issn.1000-3428.0069289

摘要/Abstract

摘要：

由于恶意软件、Web攻击等行为频发, 需要避免因网络恶意攻击而导致互联网上存在的大量用户隐私信息外泄, 因此, 网络入侵检测成为研究热点。网络入侵数据中存在大量冗余和不相关的信息, 现有的检测模型很少捕捉网络入侵数据中时间和空间维度上的模式和规律, 导致模型的检测性能受到限制。结合特征选择和特征融合, 建立一种新的网络入侵检测模型BRFE-CBIAT。首先通过随机森林(RF)和递归特征剔除(RFE)来构建BRFE模型, 通过BRFE模型对数据特征进行选择, 剔除部分不重要的特征, 减少冗余信息; 其次, 建立时空特征并行提取的CBIAT模型, 使用卷积神经网络(CNN)的一维卷积层对数据进行初步空间特征提取; 然后, 通过时间特征模块中的双向长短时记忆(BiLSTM)网络对深层序列数据进行建模, 捕获特征之间的时序关系, 并利用改进的空间注意模块关注空间特征; 最后, 通过Softmax分类器处理融合的时空特征以获取分类预测结果。实验结果表明, BRFE-CBIAT模型在NSL-KDD和UNSW-NB15数据集上的多分类检测准确率分别为99.7%和94.0%, 优于目前主流的网络模型, 所提模型对多类别的细分效果也存在明显优势, 在NSL-KDD数据集中, 所有细分性能均达到96%以上, 在UNSW-NB15数据集上对DoS攻击的检测F1值达到89%。

关键词: 网络入侵检测, 特征选择, 深度学习, 时空特征提取, 特征融合

Abstract:

Malware, Web attacks, and other behaviors frequently occur on the Internet. Therefore, the large amount of user privacy information on the Internet must be prevented from leaking because of malicious network attacks. This makes network intrusion detection systems a popular research topic. Network intrusion data includes a large amount of redundant and irrelevant information. However, current detection models seldom capture the patterns and regularities in the temporal and spatial dimensions of network intrusion data. This has led to limitations in the detection performance of the models. This study establishes a new BRFE-CBIAT model for network intrusion detection by combining feature selection and feature fusion. First, a BRFE model is constructed by combining Random Forest (RF) and Recursive Feature Elimination (RFE). The BRFE model selects some features of the data after eliminating some unimportant ones, thereby reducing redundant information. Second, a CBIAT model is built for the parallel extraction of spatio-temporal features. A one-dimensional convolutional layer of a Convolutional Neural Network (CNN) is used for initial spatial feature extraction from the data. Then, a Bi-directional Long and Short-Term Memory (BiLSTM) network in the temporal features module is used to model the deep sequence data, which captures the temporal relationships between features. An improved spatial attention module is used to focus on the spatial features. Finally, a Softmax classifier is used to process the fused spatio-temporal features to obtain the classification prediction results. The BRFE-CBIAT model proposed in this study has multi-classification detection accuracies of 99.7% and 94.0% on the NSL-KDD and UNSW-NB15 datasets, respectively. This is better than the current mainstream network models. The experimental results also indicate the proposed model's effectiveness in the breakdown of multiple categories. The performances of all breakdowns are more than 96% on the NSL-KDD dataset. The F1-score for detecting DoS attacks reaches 89% on the UNSW-NB15 dataset.

Key words: network intrusion detection, feature selection, deep learning, spatio-temporal features extraction, feature fusion

周莎, 车生兵, 考友琛, 张旭, 郭甚驿. 基于特征选择和时空特征的网络入侵检测[J]. 计算机工程, 2025, 51(7): 223-231.

ZHOU Sha, CHE Shengbing, KAO Youchen, ZHANG Xu, GUO Shenyi. Network Intrusion Detection Based on Feature Selection and Spatio-Temporal Features[J]. Computer Engineering, 2025, 51(7): 223-231.

https://www.ecice06.com/CN/Y2025/V51/I7/223

图/表 14

图1 网络入侵检测系统框架

Fig.1 Framework of network intrusion detection system

图2 CBIAT模型结构

Fig.2 CBIAT model structure

图3 不同模型在NSL-KDD数据集上的5分类精确率对比

Fig.3 Comparison of the 5-classification precision of different models on NSL-KDD dataset

图4 不同模型在NSL-KDD数据集上的5分类召回率对比

Fig.4 Comparison of the 5-classification recall of different models on NSL-KDD dataset

图5 不同模型在NSL-KDD数据集上的5分类F1值对比

Fig.5 Comparison of the 5-classification F1-score of different models on NSL-KDD dataset

图6 不同模型在UNSW-NB15数据集上的10分类精确率对比

Fig.6 Comparison of the 10-classification precision of different models on UNSW-NB15 dataset

图7 不同模型在UNSW-NB15数据集上的10分类召回率对比

Fig.7 Comparison of 10-classification recall of different models on UNSW-NB15 dataset

图8 不同模型在UNSW-NB15数据集上的10分类F1值对比

Fig.8 Comparison of 10-classification F1-score of different models on UNSW-NB15 dataset

参考文献 28

1	中国互联网信息中心. 第52次中国互联网络发展状况统计报告[EB/OL]. [2024-01-02]. https://www.cnnic.cn/n4/2023/0828/c88-10829.html.
	China Internet Network Information Center. Statistical report on Internet development in China (52nd edition)[EB/OL]. [2024-01-02]. https://www.cnnic.cn/n4/2023/0828/c88-10829.html. (in Chinese)
2	THAKKAR A , LOHIYA R . Fusion of statistical importance for feature selection in deep neural network-based intrusion detection system. Information Fusion, 2023, 90, 353- 363.
3	THAKKAR A , LOHIYA R . Attack classification using feature selection techniques: a comparative study. Journal of Ambient Intelligence and Humanized Computing, 2021, 12 (1): 1249- 1266.
4	QI Z, FEI J L, WANG J, et al. An intrusion detection feature selection method based on improved mutual information[C]//Proceedings of the 6th IEEE Information Technology, Networking, Electronic and Automation Control Conference. Washington D.C., USA: IEEE Press, 2023: 1584-1590.
5	SAH G , BANERJEE S , SINGH S . Intrusion detection system over real-time data traffic using machine learning methods with feature selection approaches. International Journal of Information Security, 2023, 22 (1): 1- 27.
6	SONGMA S , SATHUPHAN T , PAMUTHA T . Optimizing intrusion detection systems in three phases on the CSE-CIC-IDS-2018 dataset. Computers, 2023, 12 (12): 245.
7	DAOUD M , DAHMANI Y , BENDAOUD M , et al. Convolutional neural network-based high-precision and speed detection system on CIDDS-001. Data & Knowledge Engineering, 2023, 144, 102130.
8	AZIZJON M, JUMABEK A, KIM W. 1D CNN based network intrusion detection with normalization on imbalanced data[C]//Proceedings of the International Conference on Artificial Intelligence in Information and Communication (ICAⅡC). Washington D.C., USA: IEEE Press, 2020: 218-224.
9	SHARMA B , SHARMA L , LAL C , et al. Explainable artificial intelligence for intrusion detection in IoT networks: a deep learning based approach. Expert Systems with Applications, 2024, 238, 121751.
10	GAO Z, SU Y, DING Y, et al. Key technologies of anomaly detection using PCA-LSTM[C]//Proceedings of the 13th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS-2019). Berlin, Germany: Springer, 2020: 246-254.
11	MBOW M, KOIDE H, SAKURAI K. An intrusion detection system for imbalanced dataset based on deep learning[C]//Proceedings of the 9th International Symposium on Computing and Networking (CANDAR). Washington D.C., USA: IEEE Press, 2021: 38-47.
12	LU G Y , TIAN X X . An efficient communication intrusion detection scheme in AMI combining feature dimensionality reduction and improved LSTM. Security and Communication Networks, 2021, 2021, 6631075.
13	王振飞, 袁佩瑶, 曹中亚, 等. 面向高维不平衡数据的特征选择算法. 小型微型计算机系统, 2024, 45 (8): 1839- 1846.
	WANG Z F , YUAN P Y , CAO Z Y , et al. Feature selection algorithm for high dimensional unbalanced data. Journal of Chinese Computer Systems, 2024, 45 (8): 1839- 1846.
14	HE H B, BAI Y, GARCIA E A, et al. ADASYN: adaptive synthetic sampling approach for imbalanced learning[C]//Proceedings of the IEEE International Joint Conference on Neural Networks. Washington D.C., USA: IEEE Press, 2008: 1322-1328.
15	KASONGO S M , SUN Y X . A deep learning method with wrapper based feature extraction for wireless intrusion detection system. Computers & Security, 2020, 92, 101752.
16	石磊, 张吉涛, 高宇飞, 等. 基于Transformer-BiLSTM的入侵检测. 计算机工程, 2023, 49 (3): 29- 37. URL
	SHI L , ZHANG J T , GAO Y F , et al. Intrusion detection based on Transformer-BiLSTM. Computer Engineering, 2023, 49 (3): 29- 37. URL
17	WANG W, ZHU M, WANG J L, et al. End-to-end encrypted traffic classification with one-dimensional convolution neural networks[C]//Proceedings of the IEEE International Conference on Intelligence and Security Informatics. Washington D.C., USA: IEEE Press, 2017: 43-48.
18	LAGHRISSI F , DOUZI S , DOUZI K , et al. Intrusion detection systems using Long Short-Term Memory (LSTM). Journal of Big Data, 2021, 8 (1): 65.
19	IMRANA Y , XIANG Y P , ALI L , et al. A bidirectional LSTM deep learning approach for intrusion detection. Expert Systems with Applications, 2021, 185, 115524.
20	SU T T , SUN H Z , ZHU J Q , et al. BAT: deep learning methods on network intrusion detection using NSL-KDD dataset. IEEE Access, 2020, 8, 29575- 29585.
21	BEDI P , GUPTA N , JINDAL V . I-SiamIDS: an improved Siam-IDS for handling class imbalance in network-based intrusion detection systems. Applied Intelligence, 2021, 51 (2): 1133- 1151.
22	ALTWAIJRY N, ALQAHTANI A, ALTURAIKI I. A deep learning approach for anomaly-based network intrusion detection[C]//Proceedings of International Conference on Big Data and Security. Berlin, Germany: Springer, 2019: 603-615.
23	AL-TURAIKI I , ALTWAIJRY N . A convolutional neural network for improved anomaly-based network intrusion detection. Big Data, 2021, 9 (3): 233- 252.
24	LIU J M , GAO Y B , HU F J . A fast network intrusion detection system using adaptive synthetic oversampling and LightGBM. Computers & Security, 2021, 106, 102289.
25	REN H J , TANG Y H , DONG W Y , et al. DUEN: dynamic ensemble handling class imbalance in network intrusion detection. Expert Systems with Applications, 2023, 229, 120420.
26	REN K Y , YUAN S , ZHANG C , et al. CANET: a hierarchical CNN-attention model for network intrusion detection. Computer Communications, 2023, 205, 170- 181.
27	KHAN F A , GUMAEI A , DERHAB A , et al. TSDL: a two-stage deep learning model for efficient network intrusion detection. IEEE Access, 2019, 7, 30373- 30385.
28	MULYANTO, PRAKOSA S W, FAISAL M, et al. Using optimized focal loss for imbalanced dataset on network intrusion detection system[C]//Proceedings of the 95th IEEE Vehicular Technology Conference. Washington D.C., USA: IEEE Press, 2022: 1-7.

[1]	李姜辛, 王鹏, 汪卫. 多机理指导的深度学习工业时序预测框架[J]. 计算机工程, 2025, 51(7): 47-58.
[2]	周哲臣, 胡冀苏, 钱旭升, 郑毅, 戴亚康, 周志勇. 基于查询自适应双层自注意力机制的MRI脑组织分割[J]. 计算机工程, 2025, 51(7): 294-304.
[3]	余鹏, 杨佳琦, 陈欣然, 贺超波. 基于二部图对比学习的特征增强推荐算法[J]. 计算机工程, 2025, 51(7): 100-110.
[4]	刘春霞, 孟吉星, 潘理虎, 龚大立. 融合RGB与IR图像的遥感小目标检测方法[J]. 计算机工程, 2025, 51(7): 326-338.
[5]	栾孟娜, 郑秋梅, 王风华. 基于DMC-YOLO的交通标志实时检测算法[J]. 计算机工程, 2025, 51(7): 90-99.
[6]	欧阳昱中, 韩锐, 刘驰. 边缘侧领域自适应中长尾视觉识别技术研究[J]. 计算机工程, 2025, 51(7): 171-179.
[7]	孟波, 史旭华, 张彬. 基于双分支卷积和深度插值的点云表面重建[J]. 计算机工程, 2025, 51(7): 119-126.
[8]	沙宇洋, 陆京涛, 杜浩凡, 翟小兵, 孟维宇, 廉旭, 罗刚, 李克峰. 适用于导盲场景的多尺度特征融合轻量化道路图像分割算法[J]. 计算机工程, 2025, 51(7): 314-325.
[9]	庞鑫, 葛凤培, 李艳玲. 声景识音：数字化时代声学场景分类的探索与前沿[J]. 计算机工程, 2025, 51(6): 1-19.
[10]	刘凯, 任洪逸, 李蓥, 季怡, 刘纯平. 基于交叉模态注意力特征增强的医学视觉问答[J]. 计算机工程, 2025, 51(6): 49-56.
[11]	郑诚, 李鹏飞. 基于双超图神经网络特征融合的文本分类[J]. 计算机工程, 2025, 51(6): 127-135.
[12]	廖丁丁, 刘俊峰, 曾君, 邱晓欢. 一种基于块平均正交权重修正的连续学习算法[J]. 计算机工程, 2025, 51(6): 57-64.
[13]	秦永旺, 张洋, 胡星, 刘胜, 李少青. 基于图注意力网络的门级网表功能识别[J]. 计算机工程, 2025, 51(6): 29-37.
[14]	王培吉, 邹承明. 基于向量转换的卷积计算优化方法[J]. 计算机工程, 2025, 51(6): 74-82.
[15]	马思远, 江粼, 李春林, 胡钦太, 武继刚. 基于Gabor滤波器和改进线性判别分析的掌纹识别方法[J]. 计算机工程, 2025, 51(6): 320-326.

选择文件类型/文献管理软件名称

选择包含的内容