
Computer Engineering ›› 2023, Vol. 49 ›› Issue (1): 15-21,30. doi: 10.19678/j.issn.1000-3428.0065155

• Hot Topics and Reviews •

Network Intrusion Detection Based on Deep Neural Network and Federated Learning

LIU Jinshuo, ZHAN Daiyi, DENG Juan, WANG Lina

  1. Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China
  • Received: 2022-07-05 Revised: 2022-08-28 Published: 2023-01-06
  • About the authors: LIU Jinshuo (born 1973), female, professor, Ph.D., doctoral supervisor; main research interests: network security, data mining, and high-performance computing. ZHAN Daiyi, master's student. DENG Juan, associate professor, Ph.D. WANG Lina, professor, Ph.D., doctoral supervisor.
  • Funding:
    National Natural Science Foundation of China (U193607); National Key Research and Development Program of China (2020YFA0607902).

Abstract: In a high-speed network environment, complex and diverse network intrusions must be detected rapidly and accurately. As an emerging technology, federated learning has achieved good results in reducing intrusion detection time and improving data security, while Deep Neural Network (DNN) exhibits good parallel computing ability when processing massive data. A network intrusion detection model, DFC-NID, is established that combines the federated learning framework with an autoencoder-optimized DNN as the general model. The initial data undergo symbolic data preprocessing and normalization, and an autoencoder is used to reduce the feature dimension for the DNN, yielding the DNN general model module. Federated learning enables multiple participants to train using the general model; after training is completed, the parameters are uploaded to a central server and the general model is iteratively updated. The final classification prediction results are obtained using a Softmax classifier. Experimental results show that the accuracy of the DFC-NID model on the NSL-KDD and KDDCup99 datasets is 94.1% on average, which is 3.1% higher on average than that of commonly used intrusion detection models such as decision tree and random forest. On the DoS and Probe attack classes, the accuracy of DFC-NID reaches 99.8% and 98.7%, respectively. In addition, compared with the NO-FC model, which does not use federated learning, DFC-NID reduces the training time by 83.9%.

Key words: network intrusion detection, Deep Neural Network (DNN), federated learning, machine learning, deep learning

CLC Number: