一种基于深度可分离卷积和注意力机制的入侵检测方法

doi:10.11959/j.issn.2096-3750.2023.00307

物联网学报 ›› 2023, Vol. 7 ›› Issue (1): 49-59.doi: 10.11959/j.issn.2096-3750.2023.00307

一种基于深度可分离卷积和注意力机制的入侵检测方法

张志飞¹^,²^,³, 刘峰¹^,²^,³, 葛祎阳¹^,²^,³, 李烁¹^,²^,³, 张煜⁴, 熊轲¹^,²^,³

¹ 北京交通大学计算机与信息技术学院高速铁路网络管理教育部工程研究中心，北京 100044
² 北京交通大学轨道交通安全协同创新中心，北京 100044
³ 北京交通大学移动专用网络国家工程研究中心，北京 100044
⁴ 国网能源研究院有限公司，北京 102209

修回日期:2022-10-29 出版日期:2023-03-30 发布日期:2023-03-01
作者简介:张志飞（1971- ），男，博士，北京交通大学计算机与信息技术学院高级工程师，主要研究方向为无线通信、网络安全等
刘峰（1998– ），男，北京交通大学计算机与信息技术学院硕士生，主要研究方向为网络安全、入侵检测、深度学习等
葛祎阳（1997− ），男，北京交通大学计算机与信息技术学院博士生，主要研究方向为深度学习、强化学习、信息年龄、无线能量传输网络和6G网络等
李烁（1998- ），男，北京交通大学计算机与信息技术学院硕士生，主要研究方向为可靠传输、拥塞控制、强化学习等
张煜（1983− ），男，博士，国网能源研究院有限公司高级研究员，主要研究方向为边缘计算、无线协作网络和能源互联网等
熊轲（1981− ），男，博士，北京交通大学计算机与信息技术学院教授、副院长，主要研究方向为无线协作网络、无线移动网络和网络信息理论等
基金资助:
中央高校基本科研业务费资助项目(2022JBZY021);国家自然科学基金资助项目(62071033)

An intrusion detection method based on depthwise separable convolution and attention mechanism

Zhifei ZHANG¹^,²^,³, Feng LIU¹^,²^,³, Yiyang GE¹^,²^,³, Shuo LI¹^,²^,³, Yu ZHANG⁴, Ke XIONG¹^,²^,³

¹ Engineering Research Center of Network Management Technology for High Speed Railway of Ministry of Education, School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China
² Collaborative Innovation Center of Railway Traffic Safety, Beijing Jiaotong University, Beijing 100044, China
³ National Engineering Research Center of Advanced Network Technologies, Beijing Jiaotong University, Beijing 100044, China
⁴ State Grid Energy Research Institute Co., Ltd., Beijing 102209, China

Revised:2022-10-29 Online:2023-03-30 Published:2023-03-01
Supported by:
The Fundamental Research Funds for the Central Universities(2022JBZY021);The National Natural Science Foundation of China(62071033)

摘要/Abstract

摘要：

为提高网络入侵检测中多分类的准确率，提出了一种基于深度可分离卷积和注意力机制的入侵检测方法。该方法通过深度可分离卷积、长短期记忆网络组成级联结构，提高了模型对数据中空间和时间特征的提取能力；进一步融入混合域注意力机制完善特征提取过程，提高了模型的检测能力。为了解决在中小样本上检测率低的问题，设计了一种基于变分自编码器和生成对抗网络的数据平衡策略，能有效应对网络数据集的数据不平衡现象，提升了所提检测方法的适应性。在CICIDS-2017、NSL-KDD和UNSW-NB15数据集上的实验结果表明，所提方法能够取得99.80%、99.32%、83.87%的准确率，检测准确率分别提高了0.6%、0.5%、2.3%。

关键词: 深度学习, 入侵检测, 注意力机制, 生成对抗网络

Abstract:

In order to improve the accuracy of multi-classification in network intrusion detection, an intrusion detection method was proposed based on depthwise separable convolution and attention mechanism.By constructing a cascade structure combining depthwise separable convolution and long-term and short-term memory networks, the spatial and temporal features of network traffic data can be better extracted.A mixed-domain attention mechanism was introduced to enhance the detection performance.To solve the problem of low detection rate in some samples, a data balance strategy based on the combination of the variational auto-encoder (VAE) the generative adversarial network (GAN) and was designed, which can effectively cope with imbalanced datasets and improve the adaptability of the proposed detection method.The experimental results show that the proposed method is able to achieve 99.80%, 99.32%, and 83.87% accuracy on the CICIDS-2017, NSL-KDD and UNSW-NB15 datasets, which is improved by 0.6%, 0.5%, and 2.3%, respectively.

Key words: deep learning, intrusion detection, attention mechanism, generative adversarial network

中图分类号:

TN915.08

张志飞, 刘峰, 葛祎阳, 李烁, 张煜, 熊轲. 一种基于深度可分离卷积和注意力机制的入侵检测方法[J]. 物联网学报, 2023, 7(1): 49-59.

Zhifei ZHANG, Feng LIU, Yiyang GE, Shuo LI, Yu ZHANG, Ke XIONG. An intrusion detection method based on depthwise separable convolution and attention mechanism[J]. Chinese Journal on Internet of Things, 2023, 7(1): 49-59.

图/表 18

图1

图2

图3

图4

图5

图6

图7

表1

图8

表2

表3

添加混合域注意力机制前后的整体准确率对比"

模型	CICIDS-2017	NSL-KDD	UNSW-NB15
所提入侵检测模型	$99 . 12 %$	$98 . 86 %$	$81 . 07 %$
无注意力机制模型	98.78%	98.14%	79.26%

表3

表4

所提模型与其他带有注意力机制的基线模型在CICIDS-2017数据集上的准确率对比"

模型	准确率
LCHI+AM^[13]	97.97%
CN+AM^[14]	97.56%
L2+AMNN^[15]	99.05%
FL+AM^[16]	99.28%
DQN+AM^[17]	98.70%
本文模型	$99 . 12 %$

表4

表5

所提模型与其他带有注意力机制的基线模型在NSL-KDD数据集上的准确率对比"

模型	准确率
LCHI+AM^[13]	79.16%
CN+AM^[14]	95.88%
DQN+AM^[17]	97.40%
DLNID^[18]	90.73%
DL+AM^[19]	95.00%
本文模型	$98 . 86 %$

表5

表6

所提模型与其他带有注意力机制的基线模型在UNSW-NB15数据集上的准确率对比"

模型	准确率
LCHI+AM^[13]	80.33%
TCN+AM^[20]	72.92%
DAL^[21]	81.28%
DL+AM^[19]	73.00%
CAL+AM^[22]	78.94%
本文模型	$81 . 07 %$

表6

图9

表7

表8

表9

参考文献 35

[1]	LIU H Y , LANG B . Machine learning and deep learning methods for intrusion detection systems:a survey[J]. Applied Sciences. 2019,9(20): 4396-4420.
[2]	RADOGLOU-GRAMMATIKIS P I , SARIGIANNIDIS P G . An anomaly-based intrusion detection system for the smart grid based on CART decision tree[C]// Proceedings of 2018 Global Information Infrastructure and Networking Symposium (GIIS). Piscataway:IEEE Press, 2018: 1-5.
[3]	任晓奎, 缴文斌, 周丹 . 基于粒子群的加权朴素贝叶斯入侵检测模型[J]. 计算机工程与应用, 2016,52(7): 122-126.
	REN X K , JIAO W B , ZHOU D . Intrusion detection model of weighted navie Bayes based on particle swarm optimization algorithm[J]. Computer Engineering and Applications, 2016,52(7): 122-126.
[4]	LOPEZ-MARTIN M , CARRO B , SANCHEZ-ESGUEVILLAS A ,et al. Conditional variational autoencoder for prediction and feature recovery applied to intrusion detection in IoT[J]. Sensors (Basel,Switzerland), 2017,17(9): E1967.
[5]	WANG W , SHENG Y Q , WANG J L ,et al. HAST-IDS:learning hierarchical spatial-temporal features using deep neural networks to improve intrusion detection[J]. IEEE Access, 2018,6(99): 1792-1806.
[6]	ALTHUBITI S A , JONES E M , ROY K . LSTM for anomaly-based network intrusion detection[C]// Proceedings of 2018 28th International Telecommunication Networks and Applications Conference (ITNAC). Piscataway:IEEE Press, 2018: 1-3.
[7]	KANNA P R , SANTHI P . Unified deep learning approach for efficient intrusion detection system using integrated spatial-temporal features[J]. Knowledge-Based Systems, 2021,226:107132.
[8]	ASHFAQ KHAN M , KIM Y . Deep learning-based hybrid intelligent intrusion detection system[J]. Computers,Materials ＆ Continua, 2021,68(1): 671-687.
[9]	JIA H P , LIU J , ZHANG M ,et al. Network intrusion detection based on IE-DBN model[J]. Computer Communications, 2021,178: 131-140.
[10]	SIFRE L , MALLAT S . Rigid-Motion scattering for texture classification[J]. Computer Science, 2014,3559: 501-515.
[11]	MNIH V , HEESS N , GRAVES A . Recurrent models of visual attention[C]// Advances in neural information processing systems, 2014(2): 2203-2212.
[12]	GOODFELLOW I , POUGET-ABADIE J , MIRZA M ,et al. Generative adversarial nets[J]. Communications of the ACM, 2020,63(11): 139-144.
[13]	LEI S W , XIA C H , WANG T B . LCHI:low-order correlation and high-order interaction integrated model oriented to network intrusion detection[J]. Wireless Communications and Mobile Computing,2021, 2021:6830372.
[14]	刘烁, 张兴兰 . 基于双重注意力的入侵检测系统[J]. 信息网络安全, 2022,22(1): 80-86.
	LIU S , ZHANG X L . Intrusion detection system based on dual attention[J]. Netinfo Security, 2022,22(1): 80-86.
[15]	曹磊, 李占斌, 杨永胜 ,等. 基于双层注意力神经网络的入侵检测方法[J]. 计算机工程与应用, 2021,57(19): 142-149.
	CAO L , LI Z B , YANG Y S ,et al. Intrusion detection method based on two-layer attention networks[J]. Computer Engineering and Applications, 2021,57(19): 142-149.
[16]	CHEN Z , LV N , LIU P F ,et al. Intrusion detection for wireless edge networks based on federated learning[J]. IEEE Access, 2020(8): 217463-217472.
[17]	SETHI K , MADHAV Y V , KUMAR R ,et al. Attention based multi-agent intrusion detection systems using reinforcement learning[J]. Journal of Information Security and Applications, 2021,61:102923.
[18]	FU Y F , DU Y S , CAO Z J ,et al. A deep learning model for network intrusion detection with imbalanced data[J]. Electronics, 2022,11(6): 898.
[19]	ANDRESINI G , APPICE A , CAFORIO F P ,et al. ROULETTE:a neural attention multi-output model for explainable Network Intrusion Detection[J]. Expert Systems With Applications, 2022,201:117144.
[20]	ZHAO P , FAN Z J , CAO Z W ,et al. Intrusion detection model using temporal convolutional network blend into attention mechanism[J]. International Journal of Information Security and Privacy, 2022,16(1): 1-20.
[21]	CAO K , ZHU J Q , FENG W ,et al. Network intrusion detection based on dense dilated convolutions and attention mechanism[C]// Proceedings of 2021 International Wireless Communications and Mobile Computing (IWCMC). Piscataway:IEEE Press, 2021: 463-468.
[22]	曹轲, 朱金奇, 马春梅 ,等. 联合多重卷积与注意力机制的网络入侵检测[J]. 天津师范大学学报(自然科学版), 2021,41(3): 75-80.
	CAO K , ZHU J Q , MA C M ,et al. Network intrusion detection based on multiple convolutions and attention mechanism[J]. Journal of Tianjin Normal University (Natural Science Edition), 2021,41(3): 75-80.
[23]	AHMIM A , MAGLARAS L , FERRAG M A ,et al. A novel hierarchical intrusion detection system based on decision tree and rules-based models[C]// Proceedings of 2019 15th International Conference on Distributed Computing in Sensor Systems (DCOSS). Piscataway:IEEE Press, 2019: 228-233.
[24]	DE GREGORIO M , GIORDANO M . An experimental evaluation of weightless neural networks for multi-class classification[J]. Applied Soft Computing, 2018,72: 338-354.
[25]	ADNAN M N , ISLAM M Z . Forest PA:constructing a decision forest by penalizing attributes used in previous trees[J]. Expert Systems With Applications, 2017,89: 389-403.
[26]	CHANG C C , LIN C J . LIBSVM:a library for support vector machines[J]. ACM Transactions on Intelligent Systems and Technology, 2007: 2-20.
[27]	ZHANG X Q , CHEN J H , ZHOU Y ,et al. A multiple-layer representation learning model for network-based attack detection[J]. IEEE Access, 2019(7): 91992-92008.
[28]	MOHAMMADI S , NAMADCHIAN A . A new deep learning approach for anomaly base IDS using memetic classifier[J]. International Journal of Computers Communications ＆ Control, 2017,12(5): 677.
[29]	QURESHI A U H , LARIJANI H , YOUSEFI M ,et al. An adversarial approach for intrusion detection systems using Jacobian saliency map attacks (JSMA) algorithm[J]. Computers, 2020,9(3): 58.
[30]	SUMAIYA THASEEN I , ASWANI KUMAR C . Intrusion detection model using fusion of Chi-square feature selection and multi class SVM[J]. Journal of King Saud University - Computer and Information Sciences, 2017,29(4): 462-472.
[31]	丁红卫, 万良, 周康 ,等. 基于深度卷积神经网络的入侵检测研究[J]. 计算机科学, 2019(10): 173-179.
	DING H W , WAN L , ZHOU K ,et al. Study on intrusion detection based on deep convolution neural network[J]. Computer Science, 2019(10): 173-179.
[32]	ZHANG G L , WANG X D , LI R ,et al. Network intrusion detection based on conditional Wasserstein generative adversarial network and costsensitive stacked autoencoder[J]. IEEE Access, 2020(8): 190431-190447.
[33]	YANG Y Q , ZHENG K F , WU C H ,et al. Building an effective intrusion detection system using the modified density peak clustering algorithm and deep belief networks[J]. Applied Sciences, 2019,9(2): 238.
[34]	RAJAGOPAL S , KUNDAPUR P P , HAREESHA K S . A stacking ensemble for network intrusion detection using heterogeneous datasets[J]. Security and Communication Networks,2020, 2020:4586875.
[35]	PAPAMARTZIVANOS D , GóMEZ MáRMOL F , KAMBOURAKIS G . Dendron:genetic trees driven rule induction for network intrusion detection systems[J]. Future Generation Computer Systems, 2018,79: 558-574.

类别	数据平衡前占比	总生成数量/个	数据平衡后占比
Fuzzers	6.0%	3 000	7.0%
Worms	0.4%	3 000	1.4%
Shellcode	3.6%	4 200	5.0%
Generic	9.0%	5 400	10.8%

阶段	类别	属性1 state	属性2 sttl	属性3 Dtcpb	属性4 synack	属性5 ackdat	属性6 dmean
	Normal	FIN	62	17 824 254	0.071 3	0.069 7	123
预处理前	Reconnaissance	INT	254	0	0	0	0
	Generic	FIN	62	2.43×10⁹	0.022 7	0.480	1 133
	0	4	0.243	0.004 15	0.022 1	0.023 8	0.082
预处理后	1	2	0.996	0	0.005 47	0.028 5	0.029 3
	5	4	0.243	0.565	0.007 05	0.016 4	0.756

标签	本文方法	Hierarchical	WISARD	ForestPA	LIBSVM	FURIA
BENIGN	99.85%	98.86%	97.13%	96.45%	94.87%	96.83%
DoS Hulk	99.99%	96.78%	67.60%	93.94%	73.70%	98.65%
Port Scan	99.78%	99.88%	51.40%	99.59%	48.52%	87.11%
DdoS	99.98%	99.87%	54.69%	99.81%	55.97%	99.75%
DoS GoldenEye	99.65%	67.57%	48.71%	67.57%	57.57%	65.14%
FTP-Patator	99.93%	99.63%	0.00%	99.72%	0.00%	99.63%
SSH-Patator	99.84%	99.90%	0.00%	100%	0.00%	100%
DoS slowloris	99.30%	97.75%	78.90%	92.84%	78.18%	93.75%
DoS Slowhttptest	99.34%	93.84%	23.35%	86.82%	76.56%	78.35%
Bot	92.82%	46.47%	1.44%	48.71%	0.00%	48.07%
Web Attack Brute Force	82.14%	73.26%	4.69%	73.46%	80.81%	49.79%
Web Attack-XSS	50.00%	30.62%	1.25%	34.37%	0.00%	58.75%
Infiltration	76.92%	100%	50.00%	83.33%	0.00%	83.33%
Web Attack Sql Injection	100%	50.00%	0.00%	50.00%	0.00%	50.00%
Heartbleed	80.00%	100%	80.00%	100%	0.00%	40.00%

标签	本文方法	DL	RNN-ADV	GAN-PSO-ELM	DCNN	SAVAER-DNN
Normal	98.82%	98.11%	95.46%	97.85%	99.47%	95.30%
Dos	99.78%	98.75%	96.61%	98.11%	99.13%	85.10%
Probe	98.65%	83.34%	85.55%	97.31%	94.35%	74.47%
R2L	94.10%	48.35%	55.58%	89.28%	83.21%	53.59%
U2R	84.00%	74.28%	63.92%	80.53%	64.10%	44.50%

标签	本文方法	MDPCA-DBN	SE	GTDR
Normal	94.65%	82.85%	91.82%	97.39%
Generic	98.70%	96.93%	98.32%	81.37%
Exploits	90.71%	83.51%	85.00%	76.22%
Fuzzers	60.15%	44.39%	60.97%	64.42%
DoS	10.50%	23.72%	25.00%	14.29%
Reconnaissance	79.00%	76.68%	74.80%	46.07%
Analysis	8.76%	0.00%	11.00%	20.45%
Backdoor	9.44%	0.85%	10.79%	67.32%
Shellcode	69.53%	39.47%	58.22%	36.39%
Worms	40.00%	11.11%	37.50%	18.37%

一种基于深度可分离卷积和注意力机制的入侵检测方法

An intrusion detection method based on depthwise separable convolution and attention mechanism

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 18

参考文献 35

相关文章 15

Metrics

推荐阅读 0

[1]	蒋锐, 孙刘婷, 王小明, 李大鹏, 徐友云. 基于AE和Transformer的运动想象脑电信号分类研究[J]. 物联网学报, 2023, 7(1): 118-128.
[2]	张彪, 汪西明, 徐逸凡, 李文, 韩昊, 刘松仪, 陈学强. 基于多智能体深度强化学习的多域协同抗干扰方法研究[J]. 物联网学报, 2022, 6(4): 104-116.
[3]	李贤, 毕宿志, 曾泓儒, 林彬, 林晓辉. 基于智能化用户协作的边缘计算任务卸载与资源分配优化[J]. 物联网学报, 2022, 6(4): 41-52.
[4]	罗丹, 徐茹枝, 关志涛. 物联网环境中基于深度学习的差分隐私预算优化方法[J]. 物联网学报, 2022, 6(2): 65-76.
[5]	徐宣哲, 宁珂, 郑学敏, 赵明心, 徐萌萌, 吴南健, 刘力源. 基于硬件仿真系统的边缘计算人工智能视觉芯片设计验证[J]. 物联网学报, 2022, 6(1): 20-28.
[6]	李国权, 徐永海, 林金朝, 黄正文. 基于Res-DNN的端到端MIMO系统信号检测算法[J]. 物联网学报, 2022, 6(1): 65-72.
[7]	赵甘霖, 余畅, 张建富, 杨建新, 冯平法, 沈群. 基于AR虚实图像注意力机制的电缆装配质量检测方法[J]. 物联网学报, 2021, 5(3): 27-38.
[8]	谈玲, 荣杉山, 夏景明, SajibSarker, 马雯杰. 基于IR-VGG的多分类皮肤病实时诊断[J]. 物联网学报, 2021, 5(3): 115-125.
[9]	梁浩然, 伍军, 赵程程, 李建华. 基于博弈优化边缘学习的物联网入侵检测研究[J]. 物联网学报, 2021, 5(2): 37-47.
[10]	林椿珉, 曾烈康, 陈旭. 边缘智能驱动的高能效无人机自主导航算法研究[J]. 物联网学报, 2021, 5(2): 87-96.
[11]	王福展, 朱晓荣, 陈美娟, 朱洪波. 基于生成对抗网络的高精度室内无线定位方法[J]. 物联网学报, 2021, 5(2): 107-115.
[12]	陈慕涵,郭佳佳,李潇,金石. 基于深度学习的大规模MIMO信道状态信息反馈[J]. 物联网学报, 2020, 4(1): 33-44.
[13]	李赞,廖晓闽,石嘉,肖培. 面向认知物联网的隐蔽通信智能功率控制[J]. 物联网学报, 2020, 4(1): 52-58.
[14]	金驰,李志军,孙大洋,胡封晔. 基于空间特征的无线体域网人体姿态识别算法[J]. 物联网学报, 2019, 3(3): 70-75.
[15]	廖勇,姚海梅,花远肖. 一种基于深度学习的物联网信道状态信息获取算法[J]. 物联网学报, 2019, 3(1): 8-13.