网络与信息安全学报 ›› 2018, Vol. 4 ›› Issue (7): 48-59.doi: 10.11959/j.issn.2096-109x.2018056

• 论文 • 上一篇    下一篇

基于深度循环神经网络和改进SMOTE算法的组合式入侵检测模型

燕昺昊,韩国栋   

  1. 国家数字交换系统工程技术研究中心,河南 郑州 450002
  • 修回日期:2018-07-05 出版日期:2018-07-01 发布日期:2018-09-10
  • 作者简介:燕昺昊(1994-),男,山西吕梁人,国家数字交换系统工程技术研究中心硕士生,主要研究方向为机器学习、入侵检测、网络安全。|韩国栋(1964-),男,山东莱西人,博士,国家数字交换系统工程技术研究中心副教授、硕士生导师,主要研究方向为宽带信息处理、信息安全、芯片设计技术。
  • 基金资助:
    国家科技重大专项基金资助项目(2016ZX01012101);国家自然科学基金资助项目(61572520);国家自然科学基金创新群体资助项目(61521003)

Combinatorial intrusion detection model based on deep recurrent neural network and improved SMOTE algorithm

Binghao YAN,Guodong HAN   

  1. National Digital Switching System Engineering and Technological Research Center,Zhengzhou 450002,China
  • Revised:2018-07-05 Online:2018-07-01 Published:2018-09-10
  • Supported by:
    The National Science Technology Major Project of China(2016ZX01012101);The National Natural Science Foundation Project of China(61572520);The National Natural Science Foundation Innovation Group Project of China(61521003)

摘要:

已有入侵检测模型普遍只针对网络入侵行为的静态特征进行分析检测,造成检测率低及误报率高等缺陷,且无法有效应用低频攻击。为此提出一种新的基于深度循环神经网络(DRNN)和区域自适应合成过采样算法(RA-SMOTE)的组合式入侵检测模型(DRRS)。首先,RA-SMOTE 对数据集中低频攻击样本进行自适应区域划分,实现差别样本增量,从数据层面提升低频攻击样本数量;其次,利用 DRNN 特有的层间反馈单元,完成多阶段分类特征的时序积累学习,同时多隐层网络结构实现对原始数据分布的最优非线性拟合;最后,使用训练好的DRRS模型完成入侵检测。实验结果表明,相比已有入侵检测模型,DRRS在改善整体检测效果的同时显著提高了低频攻击检测率,且对未知新型攻击具有一定检出率,适用于实际网络环境。

关键词: 网络安全, 深度学习, 入侵检测, 循环神经网络, 过采样算法

Abstract:

Existing intrusion detection models generally only analyze the static characteristics of network intrusion actions,resulting in low detection rate and high false positive rate,and cannot effectively detect low-frequency attacks.Therefore,a novel combinatorial intrusion detection model (DRRS) based on deep recurrent neural network (DRNN) and region adaptive synthetic minority oversampling technique algorithm (RA-SMOTE) was proposed.Firstly,RA-SMOTE divided the low frequency attack samples into different regions adaptively and improved the number of low-frequency attack samples with different methods from the data level.Secondly,the multi-stage classification features were learned by using the level feedback units in DRNN,at the same time,the multi-layer network structure achieved the optimal non-linear fitting of the original data distribution.Finally,the intrusion detection was completed by trained DRRS.The empirical results show that compared with the traditional intrusion detection models,DRRS significantly improves the detection rate of low-frequency attacks and overall detection efficiency.Besides,DRRS has a certain detection rate for unknown new attacks.So DRRS model is effective and suitable for the actual network environment.

Key words: network security, deep learning, intrusion detection, DRNN, oversampling algorithm

中图分类号: