摘要
为了实现入侵检测系统对未知攻击类型的检测,提出基于深度学习的网络异常检测方法。利用置信度神经网络,对已知类型流量和未知攻击流量进行自适应判别。基于深度神经网络,制定置信度估计方法评估模型分类结果,训练模型面向已知类型流量时输出高置信度值,识别到未知攻击流量时输出低置信度值,从而实现对未知攻击网络流量的检测,并设计自适应损失平衡策略和基于学习自动机的动态正则化策略优化异常检测模型。在网络异常检测UNSW-NB15和CICIDS 2017数据集上进行仿真实验,评估模型效果。结果表明,该方法实现了未知攻击流量的有效检测,并提高了已知类型流量的分类效果,从而增强了入侵检测系统的综合性能。
A deep learning-based method for network anomaly detection is proposed to discriminate unknown attacks for an intrusion detection system.A confidence-based neural network is adopted to adaptively distinguish the traffic information of given behaviors and that of unknown attacks.The proposed model is trained to assign a higher confidence value to a piece of traffic information from a known behavior and a lower confidence value to that from an unknown attack.Moreover,an adaptive loss balance strategy and a learning automata-based dynamic regularization strategy are designed to improve the performance of the model.The proposed model is evaluated in benchmark datasets UNSW-NB15 and CICIDS 2017.Compared with traditional models,the simulation results indicate that the proposed model can detect the unknown attack effectively while preserving an advantageous classification effect for traffic from known attacks.
作者
狄冲
李桐
DI Chong;LI Tong(School of Cyber Science and Engineering,Shanghai Jiao Tong University,Shanghai 200240,China;Electric Power Research Institute of State Grid Liaoning Electric Power Co.,Ltd.,Shenyang 110000,China)
出处
《计算机工程与应用》
CSCD
北大核心
2020年第22期109-116,共8页
Computer Engineering and Applications
基金
国家电网有限公司总部科技项目“电力系统终端嵌入式组件和控制单元安全防护技术”(No.2019GW—12)。
关键词
网络安全
入侵检测
深度学习
cyber security
intrusion detection
deep learning
