一种基于深度可分离卷积和注意力机制的入侵检测方法

doi:10.11959/j.issn.2096-3750.2023.00307

Abstract

Abstract:

In order to improve the accuracy of multi-classification in network intrusion detection, an intrusion detection method was proposed based on depthwise separable convolution and attention mechanism.By constructing a cascade structure combining depthwise separable convolution and long-term and short-term memory networks, the spatial and temporal features of network traffic data can be better extracted.A mixed-domain attention mechanism was introduced to enhance the detection performance.To solve the problem of low detection rate in some samples, a data balance strategy based on the combination of the variational auto-encoder (VAE) the generative adversarial network (GAN) and was designed, which can effectively cope with imbalanced datasets and improve the adaptability of the proposed detection method.The experimental results show that the proposed method is able to achieve 99.80%, 99.32%, and 83.87% accuracy on the CICIDS-2017, NSL-KDD and UNSW-NB15 datasets, which is improved by 0.6%, 0.5%, and 2.3%, respectively.

Key words: deep learning, intrusion detection, attention mechanism, generative adversarial network

CLC Number:

TN915.08

Zhifei ZHANG, Feng LIU, Yiyang GE, Shuo LI, Yu ZHANG, Ke XIONG. An intrusion detection method based on depthwise separable convolution and attention mechanism[J]. Chinese Journal on Internet of Things, 2023, 7(1): 49-59.

Figures/Tables 18

模型	CICIDS-2017	NSL-KDD	UNSW-NB15
所提入侵检测模型	$99 . 12 %$	$98 . 86 %$	$81 . 07 %$
无注意力机制模型	98.78%	98.14%	79.26%

模型	准确率
LCHI+AM^[13]	97.97%
CN+AM^[14]	97.56%
L2+AMNN^[15]	99.05%
FL+AM^[16]	99.28%
DQN+AM^[17]	98.70%
本文模型	$99 . 12 %$

模型	准确率
LCHI+AM^[13]	79.16%
CN+AM^[14]	95.88%
DQN+AM^[17]	97.40%
DLNID^[18]	90.73%
DL+AM^[19]	95.00%
本文模型	$98 . 86 %$

模型	准确率
LCHI+AM^[13]	80.33%
TCN+AM^[20]	72.92%
DAL^[21]	81.28%
DL+AM^[19]	73.00%
CAL+AM^[22]	78.94%
本文模型	$81 . 07 %$

References 35

[1]	LIU H Y , LANG B . Machine learning and deep learning methods for intrusion detection systems:a survey[J]. Applied Sciences. 2019,9(20): 4396-4420.
[2]	RADOGLOU-GRAMMATIKIS P I , SARIGIANNIDIS P G . An anomaly-based intrusion detection system for the smart grid based on CART decision tree[C]// Proceedings of 2018 Global Information Infrastructure and Networking Symposium (GIIS). Piscataway:IEEE Press, 2018: 1-5.
[3]	任晓奎, 缴文斌, 周丹 . 基于粒子群的加权朴素贝叶斯入侵检测模型[J]. 计算机工程与应用, 2016,52(7): 122-126.
	REN X K , JIAO W B , ZHOU D . Intrusion detection model of weighted navie Bayes based on particle swarm optimization algorithm[J]. Computer Engineering and Applications, 2016,52(7): 122-126.
[4]	LOPEZ-MARTIN M , CARRO B , SANCHEZ-ESGUEVILLAS A ,et al. Conditional variational autoencoder for prediction and feature recovery applied to intrusion detection in IoT[J]. Sensors (Basel,Switzerland), 2017,17(9): E1967.
[5]	WANG W , SHENG Y Q , WANG J L ,et al. HAST-IDS:learning hierarchical spatial-temporal features using deep neural networks to improve intrusion detection[J]. IEEE Access, 2018,6(99): 1792-1806.
[6]	ALTHUBITI S A , JONES E M , ROY K . LSTM for anomaly-based network intrusion detection[C]// Proceedings of 2018 28th International Telecommunication Networks and Applications Conference (ITNAC). Piscataway:IEEE Press, 2018: 1-3.
[7]	KANNA P R , SANTHI P . Unified deep learning approach for efficient intrusion detection system using integrated spatial-temporal features[J]. Knowledge-Based Systems, 2021,226:107132.
[8]	ASHFAQ KHAN M , KIM Y . Deep learning-based hybrid intelligent intrusion detection system[J]. Computers,Materials ＆ Continua, 2021,68(1): 671-687.
[9]	JIA H P , LIU J , ZHANG M ,et al. Network intrusion detection based on IE-DBN model[J]. Computer Communications, 2021,178: 131-140.
[10]	SIFRE L , MALLAT S . Rigid-Motion scattering for texture classification[J]. Computer Science, 2014,3559: 501-515.
[11]	MNIH V , HEESS N , GRAVES A . Recurrent models of visual attention[C]// Advances in neural information processing systems, 2014(2): 2203-2212.
[12]	GOODFELLOW I , POUGET-ABADIE J , MIRZA M ,et al. Generative adversarial nets[J]. Communications of the ACM, 2020,63(11): 139-144.
[13]	LEI S W , XIA C H , WANG T B . LCHI:low-order correlation and high-order interaction integrated model oriented to network intrusion detection[J]. Wireless Communications and Mobile Computing,2021, 2021:6830372.
[14]	刘烁, 张兴兰 . 基于双重注意力的入侵检测系统[J]. 信息网络安全, 2022,22(1): 80-86.
	LIU S , ZHANG X L . Intrusion detection system based on dual attention[J]. Netinfo Security, 2022,22(1): 80-86.
[15]	曹磊, 李占斌, 杨永胜 ,等. 基于双层注意力神经网络的入侵检测方法[J]. 计算机工程与应用, 2021,57(19): 142-149.
	CAO L , LI Z B , YANG Y S ,et al. Intrusion detection method based on two-layer attention networks[J]. Computer Engineering and Applications, 2021,57(19): 142-149.
[16]	CHEN Z , LV N , LIU P F ,et al. Intrusion detection for wireless edge networks based on federated learning[J]. IEEE Access, 2020(8): 217463-217472.
[17]	SETHI K , MADHAV Y V , KUMAR R ,et al. Attention based multi-agent intrusion detection systems using reinforcement learning[J]. Journal of Information Security and Applications, 2021,61:102923.
[18]	FU Y F , DU Y S , CAO Z J ,et al. A deep learning model for network intrusion detection with imbalanced data[J]. Electronics, 2022,11(6): 898.
[19]	ANDRESINI G , APPICE A , CAFORIO F P ,et al. ROULETTE:a neural attention multi-output model for explainable Network Intrusion Detection[J]. Expert Systems With Applications, 2022,201:117144.
[20]	ZHAO P , FAN Z J , CAO Z W ,et al. Intrusion detection model using temporal convolutional network blend into attention mechanism[J]. International Journal of Information Security and Privacy, 2022,16(1): 1-20.
[21]	CAO K , ZHU J Q , FENG W ,et al. Network intrusion detection based on dense dilated convolutions and attention mechanism[C]// Proceedings of 2021 International Wireless Communications and Mobile Computing (IWCMC). Piscataway:IEEE Press, 2021: 463-468.
[22]	曹轲, 朱金奇, 马春梅 ,等. 联合多重卷积与注意力机制的网络入侵检测[J]. 天津师范大学学报(自然科学版), 2021,41(3): 75-80.
	CAO K , ZHU J Q , MA C M ,et al. Network intrusion detection based on multiple convolutions and attention mechanism[J]. Journal of Tianjin Normal University (Natural Science Edition), 2021,41(3): 75-80.
[23]	AHMIM A , MAGLARAS L , FERRAG M A ,et al. A novel hierarchical intrusion detection system based on decision tree and rules-based models[C]// Proceedings of 2019 15th International Conference on Distributed Computing in Sensor Systems (DCOSS). Piscataway:IEEE Press, 2019: 228-233.
[24]	DE GREGORIO M , GIORDANO M . An experimental evaluation of weightless neural networks for multi-class classification[J]. Applied Soft Computing, 2018,72: 338-354.
[25]	ADNAN M N , ISLAM M Z . Forest PA:constructing a decision forest by penalizing attributes used in previous trees[J]. Expert Systems With Applications, 2017,89: 389-403.
[26]	CHANG C C , LIN C J . LIBSVM:a library for support vector machines[J]. ACM Transactions on Intelligent Systems and Technology, 2007: 2-20.
[27]	ZHANG X Q , CHEN J H , ZHOU Y ,et al. A multiple-layer representation learning model for network-based attack detection[J]. IEEE Access, 2019(7): 91992-92008.
[28]	MOHAMMADI S , NAMADCHIAN A . A new deep learning approach for anomaly base IDS using memetic classifier[J]. International Journal of Computers Communications ＆ Control, 2017,12(5): 677.
[29]	QURESHI A U H , LARIJANI H , YOUSEFI M ,et al. An adversarial approach for intrusion detection systems using Jacobian saliency map attacks (JSMA) algorithm[J]. Computers, 2020,9(3): 58.
[30]	SUMAIYA THASEEN I , ASWANI KUMAR C . Intrusion detection model using fusion of Chi-square feature selection and multi class SVM[J]. Journal of King Saud University - Computer and Information Sciences, 2017,29(4): 462-472.
[31]	丁红卫, 万良, 周康 ,等. 基于深度卷积神经网络的入侵检测研究[J]. 计算机科学, 2019(10): 173-179.
	DING H W , WAN L , ZHOU K ,et al. Study on intrusion detection based on deep convolution neural network[J]. Computer Science, 2019(10): 173-179.
[32]	ZHANG G L , WANG X D , LI R ,et al. Network intrusion detection based on conditional Wasserstein generative adversarial network and costsensitive stacked autoencoder[J]. IEEE Access, 2020(8): 190431-190447.
[33]	YANG Y Q , ZHENG K F , WU C H ,et al. Building an effective intrusion detection system using the modified density peak clustering algorithm and deep belief networks[J]. Applied Sciences, 2019,9(2): 238.
[34]	RAJAGOPAL S , KUNDAPUR P P , HAREESHA K S . A stacking ensemble for network intrusion detection using heterogeneous datasets[J]. Security and Communication Networks,2020, 2020:4586875.
[35]	PAPAMARTZIVANOS D , GóMEZ MáRMOL F , KAMBOURAKIS G . Dendron:genetic trees driven rule induction for network intrusion detection systems[J]. Future Generation Computer Systems, 2018,79: 558-574.

Metrics

Recommended 0

No Suggested Reading articles found!

类别	数据平衡前占比	总生成数量/个	数据平衡后占比
Fuzzers	6.0%	3 000	7.0%
Worms	0.4%	3 000	1.4%
Shellcode	3.6%	4 200	5.0%
Generic	9.0%	5 400	10.8%

阶段	类别	属性1 state	属性2 sttl	属性3 Dtcpb	属性4 synack	属性5 ackdat	属性6 dmean
	Normal	FIN	62	17 824 254	0.071 3	0.069 7	123
预处理前	Reconnaissance	INT	254	0	0	0	0
	Generic	FIN	62	2.43×10⁹	0.022 7	0.480	1 133
	0	4	0.243	0.004 15	0.022 1	0.023 8	0.082
预处理后	1	2	0.996	0	0.005 47	0.028 5	0.029 3
	5	4	0.243	0.565	0.007 05	0.016 4	0.756

标签	本文方法	Hierarchical	WISARD	ForestPA	LIBSVM	FURIA
BENIGN	99.85%	98.86%	97.13%	96.45%	94.87%	96.83%
DoS Hulk	99.99%	96.78%	67.60%	93.94%	73.70%	98.65%
Port Scan	99.78%	99.88%	51.40%	99.59%	48.52%	87.11%
DdoS	99.98%	99.87%	54.69%	99.81%	55.97%	99.75%
DoS GoldenEye	99.65%	67.57%	48.71%	67.57%	57.57%	65.14%
FTP-Patator	99.93%	99.63%	0.00%	99.72%	0.00%	99.63%
SSH-Patator	99.84%	99.90%	0.00%	100%	0.00%	100%
DoS slowloris	99.30%	97.75%	78.90%	92.84%	78.18%	93.75%
DoS Slowhttptest	99.34%	93.84%	23.35%	86.82%	76.56%	78.35%
Bot	92.82%	46.47%	1.44%	48.71%	0.00%	48.07%
Web Attack Brute Force	82.14%	73.26%	4.69%	73.46%	80.81%	49.79%
Web Attack-XSS	50.00%	30.62%	1.25%	34.37%	0.00%	58.75%
Infiltration	76.92%	100%	50.00%	83.33%	0.00%	83.33%
Web Attack Sql Injection	100%	50.00%	0.00%	50.00%	0.00%	50.00%
Heartbleed	80.00%	100%	80.00%	100%	0.00%	40.00%

标签	本文方法	DL	RNN-ADV	GAN-PSO-ELM	DCNN	SAVAER-DNN
Normal	98.82%	98.11%	95.46%	97.85%	99.47%	95.30%
Dos	99.78%	98.75%	96.61%	98.11%	99.13%	85.10%
Probe	98.65%	83.34%	85.55%	97.31%	94.35%	74.47%
R2L	94.10%	48.35%	55.58%	89.28%	83.21%	53.59%
U2R	84.00%	74.28%	63.92%	80.53%	64.10%	44.50%

标签	本文方法	MDPCA-DBN	SE	GTDR
Normal	94.65%	82.85%	91.82%	97.39%
Generic	98.70%	96.93%	98.32%	81.37%
Exploits	90.71%	83.51%	85.00%	76.22%
Fuzzers	60.15%	44.39%	60.97%	64.42%
DoS	10.50%	23.72%	25.00%	14.29%
Reconnaissance	79.00%	76.68%	74.80%	46.07%
Analysis	8.76%	0.00%	11.00%	20.45%
Backdoor	9.44%	0.85%	10.79%	67.32%
Shellcode	69.53%	39.47%	58.22%	36.39%
Worms	40.00%	11.11%	37.50%	18.37%

An intrusion detection method based on depthwise separable convolution and attention mechanism

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 18

References 35

Related Articles 14

Metrics

Recommended 0

[1]	Rui JIANG, Liuting SUN, Xiaoming WANG, Dapeng LI, Youyun XU. Research on EEG signal classification of motor imagery based on AE and Transformer [J]. Chinese Journal on Internet of Things, 2023, 7(1): 118-128.
[2]	Biao ZHANG, Ximing WANG, Yifan XU, Wen LI, Hao HAN, Songyi LIU, Xueqiang CHEN. Multi-domain collaborative anti-jamming based on multi-agent deep reinforcement learning [J]. Chinese Journal on Internet of Things, 2022, 6(4): 104-116.
[3]	Dan LUO, Ruzhi XU, Zhitao GUAN. Differential privacy budget optimization based on deep learning in IoT [J]. Chinese Journal on Internet of Things, 2022, 6(2): 65-76.
[4]	Xuanzhe XU, Ke NING, Xuemin ZHENG, Mingxin ZHAO, Mengmeng XU, Nanjian WU, Liyuan LIU. Verification of an artificial intelligence vision chip design for edge computing based on hardware simulation system [J]. Chinese Journal on Internet of Things, 2022, 6(1): 20-28.
[5]	Guoquan LI, Yonghai XU, Jinzhao LIN, Zhengwen HUANG. Res-DNN based signal detection algorithm for end-to-end MIMO systems [J]. Chinese Journal on Internet of Things, 2022, 6(1): 65-72.
[6]	Ganlin ZHAO, Chang YU, Jianfu ZHANG, Jianxin YANG, Pingfa FENG, Qun SHEN. Inspection method for cable assembly quality based on AR virtual-real image attention mechanism [J]. Chinese Journal on Internet of Things, 2021, 5(3): 27-38.
[7]	Ling TAN, Shanshan RONG, Jingming XIA, Sarker SAJIB, Wenjie MA. Real-time diagnosis of multi-category skin diseases based on IR-VGG [J]. Chinese Journal on Internet of Things, 2021, 5(3): 115-125.
[8]	Haoran LIANG, Jun WU, Chengcheng ZHAO, Jianhua LI. Leveraging edge learning and game theory for intrusion detection in Internet of things [J]. Chinese Journal on Internet of Things, 2021, 5(2): 37-47.
[9]	Chunmin LIN, Liekang ZENG, Xu CHEN. Research on power efficient autonomous UAV navigation algorithm: an edge intelligence driven approach [J]. Chinese Journal on Internet of Things, 2021, 5(2): 87-96.
[10]	Fuzhan WANG, Xiaorong ZHU, Meijuan CHEN, Hongbo ZHU. High-precision indoor wireless positioning method based on generative adversarial network [J]. Chinese Journal on Internet of Things, 2021, 5(2): 107-115.
[11]	Muhan CHEN,Jiajia GUO,Xiao LI,Shi JIN. An overview of the CSI feedback based on deep learning for massive MIMO systems [J]. Chinese Journal on Internet of Things, 2020, 4(1): 33-44.
[12]	Zan LI,Xiaomin LIAO,Jia SHI,Pei XIAO. Intelligent power control for covert communication in cognitive Internet of things [J]. Chinese Journal on Internet of Things, 2020, 4(1): 52-58.
[13]	Chi JIN,Zhijun LI,Dayang SUN,Fengye HU. Human activity recognition algorithm based on the spatial feature for WBAN [J]. Chinese Journal on Internet of Things, 2019, 3(3): 70-75.
[14]	Yong LIAO,Haimei YAO,Yuanxiao HUA. Channel state information acquisition algorithm based on deep learning for IoT [J]. Chinese Journal on Internet of Things, 2019, 3(1): 8-13.