[1]张安琳,张启坤,黄道颖,等.基于CNN与BiGRU融合神经网络的入侵检测模型[J].郑州大学学报(工学版),2022,43(03):37-43.[doi:10.13705/j.issn.1671-6833.2022.03.003]
 ZHANG Anlin,ZHANG Qikun,HUANG Daoying,et al.Intrusion Detection Model Based on CNN and BiGRU Fused Neural Network[J].Journal of Zhengzhou University (Engineering Science),2022,43(03):37-43.[doi:10.13705/j.issn.1671-6833.2022.03.003]
点击复制

基于CNN与BiGRU融合神经网络的入侵检测模型()
分享到:

《郑州大学学报(工学版)》[ISSN:1671-6833/CN:41-1339/T]

卷:
43
期数:
2022年03期
页码:
37-43
栏目:
出版日期:
2022-04-10

文章信息/Info

Title:
Intrusion Detection Model Based on CNN and BiGRU Fused Neural Network
作者:
张安琳1张启坤2黄道颖2刘江豪2李建春2陈孝文2
1.郑州轻工业大学工程训练中心;2.郑州轻工业大学计算机与通信工程学院;

Author(s):
ZHANG Anlin1 ZHANG Qikun2 HUANG Daoying2 LIU Jianghao2 LI Jianchun2 CHEN Xiaowen2
1.Engineering Training Center, Zhengzhou University of Light Industry, Zhengzhou 450001, China;
2.College of Computer and Communication Engineering, Zhengzhou University of Light Industry, Zhengzhou 450001, China
关键词:
Keywords:
intrusion detection convolutional neural networks bidirectional gated recurrent unit synthetic minority over-sampling technique algorithm Tomek Links algorithm
分类号:
TP393;TP183
DOI:
10.13705/j.issn.1671-6833.2022.03.003
文献标志码:
A
摘要:
针对深度学习入侵检测中出现的数据类不平衡及特征学习不全面等问题,提出了一种基于卷积神经网络(CNN)与双向门控循环单元( BiCRU)融合的神经网络入侵检测模型。通过SMOTE-Tomek算法完成对数据集的平衡处理,使用基于平均不纯度减少的特征重要性算法实现特征选择,将CNN和BiGRU模型进行特征融合并引入注意力机制进行特征提取,从而提高模型的总体检测性能。使用入侵检测数据集CSE-CIC-IDS2018进行多分类实验,并与经典单一深度学习模型进行对比。实验结果表明:在数据集平衡方面,经SMOTE-Tomek 算法处理, DoS attacks-Slow HTTP Test 识别准确率从0提升至34.66% ,sQL Injection识别准确率从0提升至100% , DDoS attack-LOIC-UDP 、Brute Force-Web和BruteForce-XSS分别提升了5.22百分点,6.55百分点和35.71百分点,证明了平衡后的数据集较未经过处理的数据集在少数类的识别精度上提升明显。在模型的总体检测性能方面,在多分类实验对比中,所提模型总的分类精确率、召回率以及F1值均高于其他几种单一神经网络模型。其中各攻击流量类别的总评精确率比LSTM模型提升了2.10百分点总评召回率比LSTM模型提升了1.50百分点总评F1值比GRU模型提升了1.97百分点,从而证明了该模型具有更好的检测效果。
Abstract:
Aiming at the problems of unbalanced data types and incomplete feature learning in deep learning intrusion detection, a neural network intrusion detection model based on the fusion of convolutional neural networks(CNN)and bidirectional gated recurrent unit(BiGRU)was proposed.The SMOTE-Tomek algorithm was used to balance the data set, the feature importance algorithm based on mean decrease impurity was used to realize feature selection; the CNN and BiGRU models used for feature fusion and attention mechanism was introduced for feature extraction, so as to improve the overall detection performance of the model.The intrusion detection data set CSE-CIC-IDS2018 was used for multi classification experiments, the model was compared with the classical single deep learning models.The experimental results showed that, firstly, in terms of data set balance, after being processed by SMOTE-Tomek algorithm, the recognition accuracy of DoS attacks-Slow HTTP Test class was improved from 0 to 34.66%, that of SQL Injection class was improved from 0 to 100%, and DDoS attack-LOIC-UDP, Brute Force-Web and Brute Force-XSS classes were improved by 5.22 percentage points, 6.55 percentage points and 35.71 percentage points respectively.It was proved that the balanced data set improved the recognition accuracy of a few classes significantly compared with the unprocessed data set.Secondly, in terms of the overall detection performance of the model, in the comparison of multi classification experiments, the overall classification accuracy, recall and F1 value of the model in this study were higher than those of several other single neural network models.The overall evaluation accuracy of each attack traffic category was about 2.10 percentage points higher than that of the highest LSTM model.The recall rate of the overall evaluation was about 1.50 percentage points higher than that of the highest LSTM model.Compared with the highest GRU model, the overall F1 value increased by about 1.97 percentage points.It was proved that the model had better detection effect.

参考文献/References:

[1] FERNÁNDEZ G C, XU S H. A case study on using deep learning for network intrusion detection [ C ] / / MILCOM 2019 IEEE Military Communications Conference (MILCOM) . Piscataway:IEEE,2019:1-6.

 [2] 张蕾,崔勇,刘静,等. 机器学习在网络空间安全研究 中的应用[J]. 计算机学报,2018,41(9):1943-1975.
 [3] 张玉清,董颖,柳彩云,等. 深度学习应用于网络空 间安全的现状、趋势与展望 [ J] . 计 算 机 研 究 与 发 展,2018,55(6) :1117-1142. 
[4] LECUN Y,BOSER B,DENKER J S,et al. Backpropagation applied to handwritten zip code recognition[ J] . Neural computation,1989,1(4) :541-551.
 [5] ROY S S,MALLIK A,GULATI R,et al. A deep learning based artificial neural network approach for intrusion detection[ J] . Mathematics and computing,2017, 655:44-53. 
[6] WANG W,ZHU M,ZENG X W,et al. Malware traffic classification using convolutional neural network for representation learning [ C] / / 2017 International Conference on Information Networking ( ICOIN) . Piscataway:IEEE,2017:712-717.
 [7] NASEER S, SALEEM Y,KHALID S, et al. Enhanced network anomaly detection based on deep neural networks[ J] . IEEE access,2018,6:48231-48246. 
[8] KIM J,KIM J,LE T T H,et al. Long short term memory recurrent neural network classifier for intrusion detection[ C ] / / 2016 International Conference on Platform Technology and Service ( PlatCon) . Piscataway: IEEE,2016:1-5. 
[9] PUTCHALA M K. Deep learning approach for intrusion detection system (IDS) in the internet of things ( IoT) network using gated recurrent neural networks (GRU) [D]. Dayton:Wright State University, 2017. 
[10] 王伟. 基于深度学习的网络流量分类及异常检测方 法研究[D] . 合肥:中国科学技术大学,2018.
 [11] YIN C L,ZHU Y F,FEI J L,et al. A deep learning approach for intrusion detection using recurrent neural networks[ J] . IEEE access,2017,5:21954-21961.
 [12] 张勇东,陈思洋,彭雨荷,等. 基于深度学习的网络 入侵检测研究综述 [ J] . 广州大学学报 ( 自然科学 版) ,2019,18(3) :17-26. 
[13] 陈洁,邵志清,张欢欢,等. 基于并行混合神经网络 模型的短文本情感分析[ J] . 计算机应用,2019,39 (8) :2192-2197. 
[14] SCHUSTER M,PALIWAL K K. Bidirectional recurrent neural networks [ J] . IEEE transactions on signal processing,1997,45(11) :2673-2681. 
[15] SHARAFALDIN I, LASHKARI A H, GHORBANI A A. Toward generating a new intrusion detection dataset and intrusion traffic characterization[ C] / / Proceedings of the 4th International Conference on Information Systems Security and Privacy. Funchal: ICISSP, 2018: 108-116. 
[16] PANIGRAHI R, BORAH S. A detailed analysis of CICIDS2017 dataset for designing Intrusion Detection Systems [ J ] . International journal of engineering & technology, 2018, 7: 479-482.
 [17] CHAWLA N V, BOWYER K W, HALL L O, et al. SMOTE: synthetic minority over-sampling technique [ J] . Journal of artificial intelligence research, 2002, 16:321-357.
 [18] BATISTA G E A P A,PRATI R C,MONARD M C. A study of the behavior of several methods for balancing machine learning training data[ J] . ACM SIGKDD explorations newsletter,2004,6(1) :20-29. 
[19] 李勇,金庆雨,张青川. 融合位置注意力机制和改进 BLSTM 的食 品 评 论 情 感 分 析 [ J] . 郑 州 大 学 学 报 (工学版) ,2020,41(1) :58-62.
 [20] 朱张莉,饶元,吴渊,等. 注意力机制在深度学习中 的研究进展[ J] . 中文信息学报,2019,33(6) :1-11. 
[21] DOGO E M,AFOLABI O J,NWULU N I,et al. A comparative analysis of gradient descent-based optimization algorithms on convolutional neural networks [ C ] / / 2018 International Conference on Computational Techniques, Electronics and Mechanical Systems (CTEMS) . Piscataway:IEEE,2018:92-99

相似文献/References:

[1]袁航,钟发海,聂上上,等.基于卷积神经网络的道路拥堵识别研究[J].郑州大学学报(工学版),2019,40(02):21.[doi:10.13705/j.issn.1671-6833.2019.02.008]
 LUO Ronghui,YUAN Hang,ZHONG Fahai,et al.The Research of Traffic Jam Detection Based on Convolutional Neural Network[J].Journal of Zhengzhou University (Engineering Science),2019,40(03):21.[doi:10.13705/j.issn.1671-6833.2019.02.008]
[2]刘帅奇,王洁,安彦玲,等.基于CNN的非下采样剪切波域多聚焦图像融合[J].郑州大学学报(工学版),2019,40(04):7.[doi:10.13705/j.issn.1671-6833.2019.04.002]
 Shuaiqi Liu,Wang Jie,An Yanling,et al.Multi- focus Image Fusion Based on Convolution Neural Network in Non-sampled Shearlet Domain[J].Journal of Zhengzhou University (Engineering Science),2019,40(03):7.[doi:10.13705/j.issn.1671-6833.2019.04.002]
[3]李勇,金庆雨,张青川.融合位置注意力机制和改进BLSTM的食品评论情感分析[J].郑州大学学报(工学版),2020,41(01):58.[doi:10.13705/j.issn.1671-6833.2020.01.006]
 Li Yong,Jin Qingyu,Zhang Qingchuan.Improved BLSTM Food Review Sentiment Analysis with Positional Attention Mechanisms[J].Journal of Zhengzhou University (Engineering Science),2020,41(03):58.[doi:10.13705/j.issn.1671-6833.2020.01.006]
[4]魏宏彬,张端金,杜广明,等.基于改进型YOLO v3的蔬菜识别算法[J].郑州大学学报(工学版),2020,41(02):7.[doi:10.13705/j.issn.1671-6833.2020.03.002]
 Wei Hongbin,Zhang Duanjin,Du Guangming,et al.Vegetable Detection Algorithm Based on Improved YOLO v3[J].Journal of Zhengzhou University (Engineering Science),2020,41(03):7.[doi:10.13705/j.issn.1671-6833.2020.03.002]
[5]张坚鑫,郭四稳,张国兰,等.基于多尺度特征融合的火灾检测模型[J].郑州大学学报(工学版),2021,42(05):13.[doi:10.13705/j.issn.1671-6833.2021.05.016]
 Zhang Jianxin,Guo Si Jing,Zhang Guolan,et al.Fire Detection Model Based on Multi-scale Feature Fusion[J].Journal of Zhengzhou University (Engineering Science),2021,42(03):13.[doi:10.13705/j.issn.1671-6833.2021.05.016]
[6]逯鹏,王汉章,毛晓波,等.基于卷积自编码器网络的脉搏波分类模型[J].郑州大学学报(工学版),2021,42(05):56.[doi:10.13705/j.issn.1671-6833.2021.05.004]
 LU Peng,WANG Hanzhang,MAO Xiaobo,et al.Pulse Wave Classification Model Based on Convolutional Autoencoder[J].Journal of Zhengzhou University (Engineering Science),2021,42(03):56.[doi:10.13705/j.issn.1671-6833.2021.05.004]
[7]卜佑军,张桥,陈博,等.基于CNN-BiLSTM算法的钓鱼网页检测技术研究[J].郑州大学学报(工学版),2021,42(06):15.[doi:10.13705/j.issn.1671-6833.2021.04.022]
 BU Youjun,ZHANG Qiao,CHEN Bo,et al.Research on Phishing URL Detection Technology Based on CNN-BiLSTM[J].Journal of Zhengzhou University (Engineering Science),2021,42(03):15.[doi:10.13705/j.issn.1671-6833.2021.04.022]
[8]成科扬,荣兰,蒋森林,等.基于深度学习的遥感图像超分辨率重建技术综述[J].郑州大学学报(工学版),2022,43(05):8.[doi:10.13705/j.issn.1671-6833.2022.05.013]
 CHENG Keyang,RONG Lan,JIANG Senlin,et al.Overview of Methods for Remote Sensing Image Super-resolution Reconstruction Based on Deep Learning[J].Journal of Zhengzhou University (Engineering Science),2022,43(03):8.[doi:10.13705/j.issn.1671-6833.2022.05.013]
[9]蒋建东,张海峰,郭嘉琦.基于改进蜣螂算法的短期风电功率预测[J].郑州大学学报(工学版),2024,45(pre):2.[doi:10.13705/j.issn.1671-6833.2025.01.015]
 JIANG Jiandong,ZHANG HaifenfGUO jiaqi.Short Term Wind Power Forecasting Based on Improved Dung Beetle Optimization Algorithm[J].Journal of Zhengzhou University (Engineering Science),2024,45(03):2.[doi:10.13705/j.issn.1671-6833.2025.01.015]

更新日期/Last Update: 2022-05-02