基于内外卷积网络的网络入侵检测

Internal-External Convolutional Networks for Network Intrusion Detection

网络入侵检测通过分析流量特征来区分正常和异常的网络行为以实现入侵流量的检测,是网络安全领域的重要研究课题.针对已有入侵检测模型特征提取过程复杂、信息提取不足等问题,提出了一种基于内外卷积网络的入侵检测模型.首先使用一维卷积神经网络提取流量数据的内部特征,然后通过对内部特征计算相似度建模得到无向同质图,此外将流量在外部网络侧的通信行为建模为有向异质图,并对两图使用图卷积网络学习包含网络流量多种交互行为的嵌入向量,最后将学习到的流量嵌入向量输入到分类器中用于最终的分类.实验结果表明,所提模型的检测准确率和误报率均优于对比模型。

Network intrusion detection is an important research topic in the field of network security which is used to distinguish normal and abnormal network behaviors by analyzing traffic characteristics to realize intrusion traffic detection.To solve the problems of the complex feature extraction process,and insufficient information extraction in existing intrusion detection models,an intrusion detection model based on internal and external convolutional networks is proposed.Firstly,an one-dimensional convolutional neural network is used to extract the internal features of the traffic data.Then,an undirected homogeneous graph is obtained by calculating the similarity of the internal features.In addition the communication behavior of the traffic on the external network side is modeled as a directed heterogeneous graph,and graph convolutional network is used to learn embedding containing multiple interactive behaviors of network traffic from two graghs.Finally,the learned flow embedding is input into the classifier for final classification.Experimental results show that compared with existing methods,the detection accuracy and false alarm rate of the proposed model are better than those of the compared models.