通信学报 ›› 2024, Vol. 45 ›› Issue (4): 13-26.doi: 10.11959/j.issn.1000-436x.2024011

• 学术论文 • 上一篇    下一篇

基于内存增强自编码器的轻量级无人机网络异常检测模型

胡天柱1,2, 沈玉龙3(), 任保全2, 何吉2,3, 刘成梁2,3, 李洪钧2   

  1. 1.西安电子科技大学网络与信息安全学院, 陕西 西安 710126
    2.军事科学院系统工程研究院, 北京 100070
    3.西安电子科技大学计算机科学与技术学院, 陕西 西安 710126
  • 收稿日期:2023-07-05 修回日期:2023-09-23 出版日期:2024-04-30 发布日期:2024-05-27
  • 通讯作者: 沈玉龙 E-mail:ylshen@mail.xidian.edu.cn
  • 作者简介:胡天柱(1996- ),男,河南濮阳人,西安电子科技大学与军事科学院联合培养博士生,主要研究方向为智能信息网络内生安全、APT攻击检测等。
    沈玉龙(1978- ),男,江苏泗洪人,博士,西安电子科技大学教授、博士生导师,主要研究方向为云计算与数据安全、智能网络内生安全等。
    任保全(1974- ),男,陕西周至人,博士,军事科学院研究员、博士生导师,主要研究方向为智能信息网络架构与内生安全等。
    何吉 (1989- ),男,重庆人,博士,西安电子科技大学讲师、硕士生导师,主要研究方向为物理层安全、智能信息网络内生安全等。
    刘成梁(1996- ),男,江苏镇江人,西安电子科技大学与军事科学院联合培养博士生,主要研究方向为智能信息网络安全、APT攻击检测等。
    李洪钧(1985- ),男,博士,军事科学院高级工程师,主要研究方向为通信网络技术、物联网技术等。
  • 基金资助:
    国家自然科学基金资助项目(62220106004);国家自然科学基金重大研究计划基金资助项目(92267204);陕西省重点研发计划基金资助项目(2022KXJ-093);陕西省创新能力支撑计划基金资助项目(2023-CX-TD-02)

Lightweight anomaly detection model for UAV networks based on memory-enhanced autoencoders

Tianzhu HU1,2, Yulong SHEN3(), Baoquan REN2, Ji HE2,3, Chengliang LIU2,3, Hongjun LI2   

  1. 1.School of Cyber Engineering, Xidian University, Xi’an 710126, China
    2.Academy of Systems Engineering, Academy of Military Sciences, Beijing 100070, China
    3.School of Computer Science and Technology, Xidian University, Xi’an 710126, China
  • Received:2023-07-05 Revised:2023-09-23 Online:2024-04-30 Published:2024-05-27
  • Contact: Yulong SHEN E-mail:ylshen@mail.xidian.edu.cn
  • Supported by:
    The National Natural Science Foundation of China(62220106004);Major Research Plan of the National Natural Science Foundation of China(92267204);The Key Research and Development Program of Shaanxi Province(2022KXJ-093);Innovation Capability Support Program of Shaanxi(2023-CX-TD-02)

摘要:

为了解决传统智能攻击检测方法在无人机网络中存在的高能耗以及高度依赖人工标注数据的问题,提出一种基于双层内存增强自编码器集成架构的轻量级无人机网络在线异常检测模型。采用基于操作系统的消息队列进行数据包缓存,实现对高速数据流的持久化处理,有效提升了模型的稳定性和可靠性。基于衰减窗口模型计算数据流复合统计特征,以增量更新方式降低了计算过程中的内存复杂度。利用层次聚类算法对复合统计特征进行划分,将分离的特征输入集成架构中的多个小型内存增强自编码器进行独立训练,降低了计算复杂度,同时解决了传统自编码器因重构效果过拟合而导致的漏报问题。在公开数据集和NS-3仿真数据集上的实验表明,所提模型在保证轻量级的同时,与基线方法相比,假阴性率分别平均降低了35.9%和48%。

关键词: 无人机网络, 异常检测, 轻量级在线检测, 内存增强自编码器

Abstract:

In order to solve the problems of high energy consumption and high reliance on manual annotation data of traditional intelligent attack detection methods in UAV networks, a lightweight UAV network online anomaly detection model based on a double-layer memory-enhanced autoencoder integrated architecture was proposed. The message queue based on the operating system was used for data packet caching to achieve persistent processing of high-speed data streams, which effectively improved the stability and reliability of the model. The composite statistical characteristics of the data flow were calculated based on the damped window model, and the memory complexity in the calculation process was reduced in an incremental update manner. The hierarchical clustering algorithm was used to divide the composite statistical features, and the separated features were input to multiple small memory-enhanced autoencoders in the integrated architecture for independent training, which reduced the computational complexity and solved the problem of false negatives caused by the overfitting of the reconstruction effect of the traditional autoencoder. Experiments on public data sets and NS-3 simulation data sets show that while ensuring lightweight, the proposed model reduces the false negative rate by an average of 35.9% and 48% compared with the baseline method.

Key words: UAV network, anomaly detection, lightweight online detection, memory-augmented autoencoder

中图分类号: 

No Suggested Reading articles found!