Journal on Communications, 2024, Vol. 45, Issue (2): 54-67. doi: 10.11959/j.issn.1000-436x.2024013
Academic paper
Taotao LIU1, Yu FU1, Kun WANG1,2, Xueyuan DUAN1,3
Revised: 2023-11-07
Published: 2024-02-01
Online: 2024-02-01
About the author: LIU Taotao (1996- ), male, born in Ji'an, Jiangxi, is a Ph.D. candidate at Naval University of Engineering. His main research interests are artificial intelligence, information processing and network security.
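Abstract:
To address the problems that traditional intrusion detection methods are limited by class imbalance in datasets and by selected features that are not sufficiently representative, a detection method based on VAE-CWGAN and fusion of the statistical importance of features is proposed. First, the dataset is preprocessed to improve data quality. Second, a VAE-CWGAN model is built to generate new samples, resolving the class imbalance of the dataset so that the classification model is no longer biased toward the majority class. Third, features are ranked by standard deviation and by the difference between median and mean, and their statistical importance is fused for feature selection, with the aim of obtaining more representative features so that the model learns the information in the data better. Finally, a one-dimensional convolutional neural network classifies the mixed dataset after feature selection. Experimental results show that the proposed method performs well on the NSL-KDD, UNSW-NB15 and CIC-IDS-2017 datasets, with accuracies of 98.95%, 96.24% and 99.92% respectively, effectively improving intrusion detection performance.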
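The ranking-and-fusion step of the abstract, sketched as an added example (not the authors' code): each feature is scored by its standard deviation and by the absolute difference between mean and median, and the two rankings are fused. The fusion rule (sum of the two rank positions, keep the k best), the zero-variance filter, the feature names and the sample rows are assumptions; the abstract does not specify them.

```python
from statistics import mean, median, pstdev

# Constructed sample: six flows, five features already scaled to [0, 1].
FEATURES = ["duration", "src_bytes", "dst_bytes", "flag_const", "serror_rate"]
ROWS = [
    [0.00, 0.01, 0.90, 1.0, 0.0],
    [0.02, 0.02, 0.10, 1.0, 0.0],
    [0.01, 0.95, 0.85, 1.0, 0.0],
    [0.03, 0.01, 0.05, 1.0, 1.0],
    [0.01, 0.02, 0.95, 1.0, 0.0],
    [0.02, 0.03, 0.15, 1.0, 0.0],
]

def column_scores(rows):
    """Per-feature standard deviation and |mean - median|, rounded to damp float noise."""
    cols = list(zip(*rows))
    std = [round(pstdev(c), 6) for c in cols]
    mmd = [round(abs(mean(c) - median(c)), 6) for c in cols]
    return std, mmd

def rank_positions(scores):
    """Position of each feature when sorted by descending score (0 = most important)."""
    order = sorted(range(len(scores)), key=lambda i: (-scores[i], i))
    pos = [0] * len(scores)
    for position, idx in enumerate(order):
        pos[idx] = position
    return pos

def fuse_and_select(rows, names, k):
    """Select k features by fused rank. Fusion rule is an assumption: sum of both ranks."""
    std, mmd = column_scores(rows)
    r_std, r_mmd = rank_positions(std), rank_positions(mmd)
    # Assumption: a constant column carries no information and is never selected.
    candidates = [i for i in range(len(names)) if std[i] > 0]
    fused = sorted(candidates, key=lambda i: (r_std[i] + r_mmd[i], i))[:k]
    return [names[i] for i in sorted(fused)]

if __name__ == "__main__":
    std, mmd = column_scores(ROWS)
    for name, s, m in zip(FEATURES, std, mmd):
        print(f"{name:12s} std={s:.4f} |mean-median|={m:.4f}")
    print("selected:", fuse_and_select(ROWS, FEATURES, 3))
```

In this sample `dst_bytes` ranks first by standard deviation but near the bottom by mean-median difference, because its distribution is symmetric; that disagreement between the two statistics is what a fused ranking is meant to reconcile.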
Taotao LIU, Yu FU, Kun WANG, Xueyuan DUAN. Network intrusion detection method based on VAE-CWGAN and fusion of statistical importance of feature[J]. Journal on Communications, 2024, 45(2): 54-67.
Table 1
Comparison of existing methods
Method | Feature selection technique | Dataset | Detection performance |
Ref. [ | CFA | KDD CUP 99 | DR=91.50% |
Ref. [ | BGWOA | NSL-KDD | DR=98.47% |
 | | CIC-IDS-2017 | DR=99.47% |
Ref. [ | RF | UNSW-NB15 | KNN accuracy 71.01% |
 | | | DT accuracy 74.22% |
 | | | BME accuracy 74.64% |
 | | | XGBoost accuracy 71.43 |
 | | | RF accuracy 74.87% |
Ref. [ | RF-SVM | KDD CUP 99 | DR=93.00% |
Ref. [ | IG | UNSW-NB15 | Accuracy 84.83% |
Ref. [ | MI | KDD CUP 99 | DR=99.46% |
 | | NSL-KDD | DR=98.76% |
Table 6
Comparison of the proposed method with traditional sampling methods and deep generative model methods
数据集 | 方法 | Acc | Pre | Rec | F1 | FAR |
NSL-KDD | ROS[ | 82.17% | 90.65% | 76.55% | 83.07% | 9.95% |
BorderlineSMOTE[ | 84.20% | 91.69% | 78.96% | 84.91% | 8.87% | |
RENN[ | 98.02% | 98.06% | 98.02% | 98.03% | — | |
ADASYN[ | 98.35% | 98.83% | 98.35% | 98.57% | — | |
ENN[ | 98.85% | 98.87% | 98.85% | 98.85% | — | |
Proposed method | ||||||
UNSW-NB15 | ROS[ | 87.31% | 82.14% | 89.80% | — | |
SMOTE[ | 87.22% | 98.23% | 82.70% | 89.80% | — | |
ADASYN[ | 90.47% | 97.44% | 88.31% | 92.65% | — | |
WGAN[ | 88.82% | 98.90% | 84.51% | 91.14% | — | |
CGAN[ | 88.92% | 98.64% | 84.89% | 91.25% | — | |
Proposed method | 96.23% | |||||
CIC-IDS-2017 | ROS[ | 99.74% | 99.97% | 99.85% | 0.07% | |
SMOTE[ | 99.93% | 99.69% | 99.84% | 0.08% | ||
ADASYN[ | 99.92% | 99.65% | 99.96% | 99.80% | 0.09% | |
RUS+SMOTE[ | 99.92% | 99.65% | 99.96% | 99.80% | 0.09% | |
K-Means+SMOTE[ | 99.93% | 99.69% | 99.97% | 99.83% | 0.08% | |
Proposed method | 99.92% | 99.92% |
Table 7
Comparison of the proposed method with other multi-class balancing methods
数据集 | 方法 | Acc | Pre | Rec | F1 | FAR |
NSL-KDD | ROS[ | 78.26% | 92.34% | 67.41% | 77.93% | 7.39% |
SMOTE[ | 81.16% | 96.42% | 69.48% | 80.76% | 3.41% | |
ADASYN[ | 80.10% | 96.16% | 67.74% | 79.49% | 3.57% | |
CVAE[ | 85.97% | 97.39% | 77.43% | 86.27% | 2.74% | |
CWGAN[ | 90.34% | 96.74% | 85.92% | 91.01% | 3.83% | |
Proposed method | ||||||
UNSW-NB15 | ROS[ | 81.70% | 77.32% | 94.49% | 85.05% | 33.96% |
SMOTE[ | 82.44% | 78.05% | 85.60% | 32.65% | ||
ADASYN[ | 82.15% | 77.76% | 94.65% | 85.38% | 33.16% | |
WGAN[ | 81.49% | 84.71% | 82.51% | 83.60% | — | |
CWGAN[ | 85.59% | 86.11% | 85.57% | 85.84% | — | |
Proposed method | 87.58% | |||||
CIC-IDS-2017 | ROS[ | 99.76% | 99.81% | 99.76% | 99.77% | — |
SMOTE[ | 99.76% | 99.76% | 99.77% | — | ||
ADASYN[ | 99.76% | 99.76% | 99.77% | — | ||
RUS+SMOTE[ | 99.72% | 99.81% | 99.72% | 99.75% | — | |
K-Means+SMOTE[ | 99.70% | 99.81% | 99.70% | 99.74% | — | |
Proposed method | 99.79% |
Table 8
Comparison of the proposed method with other feature selection methods
Dataset | Method | Acc | Pre | Rec | F1 | FAR | Size |
NSL-KDD | Chi-square test | 95.56% | 95.59% | 95.56% | 95.44% | 4.46% | 13% |
Random forest | 97.84% | 97.86% | 97.84% | 97.81% | 1.62% | 17% | |
Mutual information | 96.49% | 96.54% | 96.49% | 96.50% | 3.96% | 15% | |
Recursive elimination | 98.07% | 98.06% | 98.07% | 98.06% | 2.57% | 20% | |
Genetic algorithm | 98.24% | 98.24% | 98.24% | 98.24% | 2.54% | 24% | |
Proposed method | 22% | ||||||
UNSW-NB15 | Chi-square test | 82.43% | 85.20% | 82.43% | 82.52% | 11.11% | 13% |
Random forest | 84.90% | 86.30% | 84.90% | 85.04% | 11.03% | 19% | |
Mutual information | 84.18% | 86.11% | 84.18% | 84.30% | 11.97% | 25% | |
Recursive elimination | 85.51% | 87.35% | 85.51% | 85.68% | 10.78% | 21% | |
Genetic algorithm | 85.53% | 87.27% | 85.53% | 85.92% | 11.57% | 32% | |
Proposed method | 21% | ||||||
CIC-IDS-2017 | Chi-square test | 94.52% | 95.25% | 94.52% | 94.60% | 3.97% | 13% |
Random forest | 99.30% | 99.31% | 99.30% | 99.31% | 0.48% | 36% | |
Mutual information | 99.31% | 99.31% | 99.31% | 99.31% | 0.56% | 35% | |
Recursive elimination | 99.37% | 99.37% | 99.37% | 99.37% | 0.40% | 20% | |
Genetic algorithm | 99.45% | 99.46% | 99.45% | 99.46% | 0.40% | 38% | |
Proposed method | 41% |
[1] HE J X, WANG X D, SONG Y F, et al. Network intrusion detection based on conditional Wasserstein variational autoencoder with generative adversarial network and one-dimensional convolutional neural networks[J]. Applied Intelligence, 2023, 53(10): 12416-12436.
[2] WANG W. Deep learning for network traffic classification and anomaly detection[D]. Hefei: University of Science and Technology of China, 2018.
[3] PANDA M, PATRA M R. Network intrusion detection using naive bayes[J]. International Journal of Computer Science and Network Security, 2007, 7(12): 258-263.
[4] MEHEDI H M A, NASSER M, PAL B, et al. Support vector machine and random forest modeling for intrusion detection system (IDS)[J]. Journal of Intelligent Learning Systems and Applications, 2014, 6(1): 45-52.
[5] YAN J Q, JIN D, LEE C W, et al. A comparative study of off-line deep learning based network intrusion detection[C]// Proceedings of the 2018 Tenth International Conference on Ubiquitous and Future Networks (ICUFN). Piscataway: IEEE Press, 2018: 299-304.
[6] THAKKAR A, LOHIYA R. Fusion of statistical importance for feature selection in deep neural network-based intrusion detection system[J]. Information Fusion, 2023, 90: 353-363.
[7] DHANABAL L, SHANTHARAJAH S P. A study on NSL-KDD dataset for intrusion detection system based on classification algorithms[J]. International Journal of Advanced Research in Computer and Communication Engineering, 2015, 4(6): 446-452.
[8] MOUSTAFA N, SLAY J. UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set)[C]// Proceedings of the 2015 Military Communications and Information Systems Conference (MilCIS). Piscataway: IEEE Press, 2015: 1-6.
[9] SHARAFALDIN I, HABIBI L A, GHORBANI A A. Toward generating a new intrusion detection dataset and intrusion traffic characterization[C]// Proceedings of the 4th International Conference on Information Systems Security and Privacy. Setúbal: SciTePress, 2018: 108-116.
[10] VIJAYANAND R, DEVARAJ D, KANNAPIRAN B. Support vector machine based intrusion detection system with reduced input features for advanced metering infrastructure of smart grid[C]// Proceedings of the 2017 4th International Conference on Advanced Computing and Communication Systems (ICACCS). Piscataway: IEEE Press, 2017: 1-7.
[11] TONG D, QU Y R, PRASANNA V K. Accelerating decision tree based traffic classification on FPGA and multicore platforms[J]. IEEE Transactions on Parallel and Distributed Systems, 2017, 28(11): 3046-3059.
[12] FARNAAZ N, JABBAR M A. Random forest modeling for network intrusion detection system[J]. Procedia Computer Science, 2016, 89: 213-217.
[13] KOC L, MAZZUCHI T A, SARKANI S. A network intrusion detection system based on a hidden naïve Bayes multiclass classifier[J]. Expert Systems with Applications, 2012, 39(18): 13492-13500.
[14] DUAN X Y, FU Y, WANG K, et al. Network traffic anomaly detection method based on multi-scale characteristic[J]. Journal on Communications, 2022, 43(10): 65-76.
[15] ALDARWBI M Y, LASHKARI A H, GHORBANI A A. The sound of intrusion: a novel network intrusion detection system[J]. Computers and Electrical Engineering, 2022, 104: 108455.
[16] MIAO X H, SHAN X C. Research on intrusion detection technology based on densely connected convolutional neural networks[J]. Journal of Electronics & Information Technology, 2020, 42(11): 2706-2712.
[17] ALTHOBAITI M M, PRADEEP M K, GUPTA D, et al. An intelligent cognitive computing based intrusion detection for industrial cyber-physical systems[J]. Measurement, 2021, 186: 110145.
[18] THAKUR S, CHAKRABORTY A, DE R, et al. Intrusion detection in cyber-physical systems using a generic and domain specific deep autoencoder model[J]. Computers & Electrical Engineering, 2021, 91: 107044.
[19] DUAN X Y, FU Y, WANG K. Network traffic anomaly detection method based on multi-scale residual classifier[J]. Computer Communications, 2023, 198: 206-216.
[20] CAO B, LI C H, SONG Y F, et al. Network intrusion detection model based on CNN and GRU[J]. Applied Sciences, 2022, 12(9): 4184.
[21] DING H W, CHEN L Y, DONG L, et al. Imbalanced data classification: a KNN and generative adversarial networks-based hybrid approach for intrusion detection[J]. Future Generation Computer Systems, 2022, 131: 240-254.
[22] SONG J M, WANG X J, HE M S, et al. CSK-CNN: network intrusion detection model based on two-layer convolution neural network for handling imbalanced dataset[J]. Information, 2023, 14(2): 130.
[23] KINGMA D P, WELLING M. Auto-encoding variational Bayes[J]. arXiv Preprint, arXiv:1312.6114, 2013.
[24] GOODFELLOW I J, POUGET-ABADIE J, MIRZA M, et al. Generative adversarial nets[C]// Proceedings of the 27th International Conference on Neural Information Processing Systems. Cambridge: MIT Press, 2014: 2672-2680.
[25] YANG Y Q, ZHENG K F, WU C H, et al. Improving the classification effectiveness of intrusion detection by using improved conditional variational autoencoder and deep neural network[J]. Sensors, 2019, 19(11): 2528.
[26] ZHANG G L, WANG X D, LI R, et al. Network intrusion detection based on conditional Wasserstein generative adversarial network and cost-sensitive stacked autoencoder[J]. IEEE Access, 2020, 8: 190431-190447.
[27] MA Z X, LI J, SONG Y F, et al. Network intrusion detection method based on FCWGAN and BiLSTM[J]. Computational Intelligence and Neuroscience, 2022, 2022: 6591140.
[28] EESA A S, ORMAN Z, BRIFCANI A M A. A novel feature-selection approach based on the cuttlefish optimization algorithm for intrusion detection systems[J]. Expert Systems with Applications, 2015, 42(5): 2670-2679.
[29] WANG Z D, LI Z Y, HE D J, et al. A lightweight approach for network intrusion detection in industrial cyber-physical systems based on knowledge distillation and deep metric learning[J]. Expert Systems with Applications, 2022, 206: 117671.
[30] KHAN N M, MADHAV C N, NEGI A, et al. Analysis on improving the performance of machine learning models using feature selection technique[C]// Proceedings of 18th International Conference on Intelligent Systems Design and Applications. Berlin: Springer, 2020: 69-77.
[31] CHANG Y P, LI W, YANG Z M. Network intrusion detection based on random forest and support vector machine[C]// Proceedings of the 2017 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC). Piscataway: IEEE Press, 2017: 635-638.
[32] KUMAR V, SINHA D, DAS A K, et al. An integrated rule based intrusion detection system: analysis on UNSW-NB15 data set and the real time online dataset[J]. Cluster Computing, 2020, 23(2): 1397-1418.
[33] AMBUSAIDI M A, HE X J, NANDA P, et al. Building an intrusion detection system using a filter-based feature selection algorithm[J]. IEEE Transactions on Computers, 2016, 65(10): 2986-2998.
[34] DUAN X Y, FU Y, WANG K. Multi-dimensional time series anomaly detection method based on VAE-WGAN[J]. Journal on Communications, 2022, 43(3): 1-13.
[35] ARJOVSKY M, CHINTALA S, BOTTOU L. Wasserstein generative adversarial networks[C]// Proceedings of the 34th International Conference on Machine Learning. New York: ACM Press, 2017: 214-223.
[36] GULRAJANI I, AHMED F, ARJOVSKY M, et al. Improved training of Wasserstein GANs[J]. arXiv Preprint, arXiv:1704.00028, 2017.
[37] YIN Z N, MA H L, HU T. A traffic anomaly detection method based on the joint model of attention mechanism and one-dimensional convolutional neural network-bidirectional long short term memory[J]. Journal of Electronics & Information Technology, 2023, 45(10): 3719-3728.
[38] ZHANG H P, HUANG L L, WU C Q, et al. An effective convolutional neural network based on SMOTE and Gaussian mixture model for intrusion detection in imbalanced dataset[J]. Computer Networks, 2020, 177: 107315.
[39] GEIGER A, LIU D Y, ALNEGHEIMISH S, et al. TadGAN: time series anomaly detection using generative adversarial networks[C]// Proceedings of the 2020 IEEE International Conference on Big Data (Big Data). Piscataway: IEEE Press, 2020: 33-43.
[40] KANNA P R, SANTHI P. Hybrid intrusion detection using MapReduce based black widow optimized convolutional long short-term memory neural networks[J]. Expert Systems with Applications, 2022, 194: 116545.
[41] LOUK M H L, TAMA B A. Dual-IDS: a bagging-based gradient boosting decision tree model for network anomaly intrusion detection system[J]. Expert Systems with Applications, 2023, 213: 119030.
[42] CUI J Y, ZONG L S, XIE J H, et al. A novel multi-module integrated intrusion detection system for high-dimensional imbalanced data[J]. Applied Intelligence, 2023, 53(1): 272-288.
[43] AL-TURAIKI I, ALTWAIJRY N. A convolutional neural network for improved anomaly-based network intrusion detection[J]. Big Data, 2021, 9(3): 233-252.
[44] JIANG K Y, WANG W Y, WANG A L, et al. Network intrusion detection combined hybrid sampling with deep hierarchical network[J]. IEEE Access, 2020, 8: 32464-32476.
[45] SHUKLA A K. Detection of anomaly intrusion utilizing self-adaptive grasshopper optimization algorithm[J]. Neural Computing and Applications, 2021, 33(13): 7541-7561.