摘要
In recent years, network traffic data have become larger and more complex, leading to higher possibilities of network intrusion. Traditional intrusion detection methods face difficulty in processing high-speed network data and cannot detect currently unknown attacks. Therefore, this paper proposes a network attack detection method combining a flow calculation and deep learning. The method consists of two parts: a real-time detection algorithm based on flow calculations and frequent patterns and a classification algorithm based on the deep belief network and support vector machine(DBN-SVM). Sliding window(SW) stream data processing enables real-time detection, and the DBN-SVM algorithm can improve classification accuracy. Finally, to verify the proposed method, a system is implemented.Based on the CICIDS2017 open source data set, a series of comparative experiments are conducted. The method's real-time detection efficiency is higher than that of traditional machine learning algorithms. The attack classification accuracy is 0.7 percentage points higher than that of a DBN, which is 2 percentage points higher than that of the integrated algorithm boosting and bagging methods. Hence, it is suitable for the real-time detection of high-speed network intrusions.
基金
supported by the National Key Research and Development Program of China(2017YFB1401300,2017YFB1401304)
the National Natural Science Foundation of China(61702211,L1724007,61902203)
Hubei Provincial Science and Technology Program of China(2017AKA191)
the Self-Determined Research Funds of Central China Normal University(CCNU)from the Colleges’Basic Research(CCNU17QD0004,CCNU17GF0002)
the Natural Science Foundation of Shandong Province(ZR2017QF015)
the Key Research and Development Plan–Major Scientific and Technological Innovation Projects of Shandong Province(2019JZZY020101)。
