Chinese Journal on Internet of Things ›› 2023, Vol. 7 ›› Issue (1): 49-59. doi: 10.11959/j.issn.2096-3750.2023.00307
Zhifei ZHANG1,2,3, Feng LIU1,2,3, Yiyang GE1,2,3, Shuo LI1,2,3, Yu ZHANG4, Ke XIONG1,2,3
Revised: 2022-10-29
Online: 2023-03-30
Published: 2023-03-01
About the author: Zhifei ZHANG (1971- ), male, Ph.D., senior engineer at the School of Computer and Information Technology, Beijing Jiaotong University. His main research interests include wireless communication and network security.
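Abstract:
To improve the accuracy of multi-class classification in network intrusion detection, an intrusion detection method based on depthwise separable convolution and an attention mechanism is proposed. The method cascades depthwise separable convolution with a long short-term memory (LSTM) network, which improves the model's ability to extract spatial and temporal features from the data. A mixed-domain attention mechanism is further incorporated to refine the feature extraction process and improve the model's detection capability. To address the low detection rate on small and medium-sized samples, a data balancing strategy based on a variational autoencoder (VAE) and a generative adversarial network (GAN) is designed, which effectively handles the data imbalance in network datasets and improves the adaptability of the proposed detection method. Experimental results on the CICIDS-2017, NSL-KDD and UNSW-NB15 datasets show that the proposed method achieves accuracies of 99.80%, 99.32% and 83.87%, improving detection accuracy by 0.6%, 0.5% and 2.3%, respectively.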
Cite this article: Zhifei ZHANG, Feng LIU, Yiyang GE, Shuo LI, Yu ZHANG, Ke XIONG. An intrusion detection method based on depthwise separable convolution and attention mechanism[J]. Chinese Journal on Internet of Things, 2023, 7(1): 49-59.
Table 2
Preprocessing results on the UNSW-NB15 dataset
Stage | Class | Attribute 1 state | Attribute 2 sttl | Attribute 3 Dtcpb | Attribute 4 synack | Attribute 5 ackdat | Attribute 6 dmean |
Before preprocessing | Normal | FIN | 62 | 17 824 254 | 0.071 3 | 0.069 7 | 123 |
Before preprocessing | Reconnaissance | INT | 254 | 0 | 0 | 0 | 0 |
Before preprocessing | Generic | FIN | 62 | 2.43×10^9 | 0.022 7 | 0.480 | 1 133 |
After preprocessing | 0 | 4 | 0.243 | 0.004 15 | 0.022 1 | 0.023 8 | 0.082 |
After preprocessing | 1 | 2 | 0.996 | 0 | 0.005 47 | 0.028 5 | 0.029 3 |
After preprocessing | 5 | 4 | 0.243 | 0.565 | 0.007 05 | 0.016 4 | 0.756 |
Table 7
F1-score comparison between the proposed model and other models on the CICIDS-2017 dataset
Label | Proposed method | Hierarchical | WISARD | ForestPA | LIBSVM | FURIA |
BENIGN | 99.85% | 98.86% | 97.13% | 96.45% | 94.87% | 96.83% |
DoS Hulk | 99.99% | 96.78% | 67.60% | 93.94% | 73.70% | 98.65% |
Port Scan | 99.78% | 99.88% | 51.40% | 99.59% | 48.52% | 87.11% |
DDoS | 99.98% | 99.87% | 54.69% | 99.81% | 55.97% | 99.75% |
DoS GoldenEye | 99.65% | 67.57% | 48.71% | 67.57% | 57.57% | 65.14% |
FTP-Patator | 99.93% | 99.63% | 0.00% | 99.72% | 0.00% | 99.63% |
SSH-Patator | 99.84% | 99.90% | 0.00% | 100% | 0.00% | 100% |
DoS slowloris | 99.30% | 97.75% | 78.90% | 92.84% | 78.18% | 93.75% |
DoS Slowhttptest | 99.34% | 93.84% | 23.35% | 86.82% | 76.56% | 78.35% |
Bot | 92.82% | 46.47% | 1.44% | 48.71% | 0.00% | 48.07% |
Web Attack Brute Force | 82.14% | 73.26% | 4.69% | 73.46% | 80.81% | 49.79% |
Web Attack-XSS | 50.00% | 30.62% | 1.25% | 34.37% | 0.00% | 58.75% |
Infiltration | 76.92% | 100% | 50.00% | 83.33% | 0.00% | 83.33% |
Web Attack Sql Injection | 100% | 50.00% | 0.00% | 50.00% | 0.00% | 50.00% |
Heartbleed | 80.00% | 100% | 80.00% | 100% | 0.00% | 40.00% |
Table 8
F1-score comparison between the proposed model and other models on the NSL-KDD dataset
Label | Proposed method | DL | RNN-ADV | GAN-PSO-ELM | DCNN | SAVAER-DNN |
Normal | 98.82% | 98.11% | 95.46% | 97.85% | 99.47% | 95.30% |
DoS | 99.78% | 98.75% | 96.61% | 98.11% | 99.13% | 85.10% |
Probe | 98.65% | 83.34% | 85.55% | 97.31% | 94.35% | 74.47% |
R2L | 94.10% | 48.35% | 55.58% | 89.28% | 83.21% | 53.59% |
U2R | 84.00% | 74.28% | 63.92% | 80.53% | 64.10% | 44.50% |
Table 9
Recall comparison between the proposed model and other models on the UNSW-NB15 dataset
Label | Proposed method | MDPCA-DBN | SE | GTDR |
Normal | 94.65% | 82.85% | 91.82% | 97.39% |
Generic | 98.70% | 96.93% | 98.32% | 81.37% |
Exploits | 90.71% | 83.51% | 85.00% | 76.22% |
Fuzzers | 60.15% | 44.39% | 60.97% | 64.42% |
DoS | 10.50% | 23.72% | 25.00% | 14.29% |
Reconnaissance | 79.00% | 76.68% | 74.80% | 46.07% |
Analysis | 8.76% | 0.00% | 11.00% | 20.45% |
Backdoor | 9.44% | 0.85% | 10.79% | 67.32% |
Shellcode | 69.53% | 39.47% | 58.22% | 36.39% |
Worms | 40.00% | 11.11% | 37.50% | 18.37% |