摘要
用户伪装入侵检测技术作为一种主动式安全防护技术已成为当前的研究热点。现有的用户伪装入侵检测技术存在难以准确建模用户行为模式的缺陷。利用卷积神经网络(convolution neural network,CNN)处理局部关联性数据和特征提取的优势,以及长短期记忆(long short-term memory,LSTM)神经网络捕获数据时序性和长程依赖性的优势,设计了一种结合卷积和长短期记忆的深度神经网络(CCNN-LSTM)用于伪装入侵检测。该方法具有较强的学习能力,能自动学习数据的表征而无需人工提取复杂特征,在面对复杂高维的海量数据时具有较强的潜力。实验结果表明,该方法具有更高的检测率及更低的检测代价,其性能胜过多个基线系统。
The intrusion detection of internal malicious users,as an active security protection technology,has been a hot research topic in recent years.Existing methods are unable to accurately model the users'behavior.This paper proposes a novel CCNN-LSTM method which combines the convolution neural network(CNN)and long short-term memory(LSTM)neural network for camouflage intrusion detection.The basic idea is to use convolution neural network to capture the local correlation in users'activity data,and use long short-term memory neural network to deal with sequential relationship and long-range dependency.The proposed method can automatically learn the representation of data without artificial extraction of complex features,and can also scale to large volume of high dimensional data.The experimental results show that the proposed method has higher detection rate and lower detection cost than a number of baselines.
作者
王毅
冯小年
钱铁云
朱辉
周静
WANG Yi;FENG Xiaonian;QIAN Tieyun;ZHU Hui;ZHOU Jing(School of Computer Science,Wuhan University,Wuhan 430072,China;China Power Finance Co.,Ltd.,Beijing 100005,China;Beijing Huitong Financial Information Technology Co.,Ltd.,Beijing 100094,China)
出处
《计算机科学与探索》
CSCD
北大核心
2018年第4期575-585,共11页
Journal of Frontiers of Computer Science and Technology
基金
国家自然科学基金No.61572376~~
关键词
伪装用户入侵检测
深度神经网络
卷积神经网络
长短期记忆人工神经网络
intrusion detection of malicious users
depth neural network
convolution neural network
long and short-term memory artificial neural network
