摘要
入侵检测系统(IDS)是计算机和通信系统中对攻击进行预警的重要技术.目前的IDS在安全检测方面存在2个问题:1)存在大量高维冗余数据及不相关特征干扰分类过程;2)现有模型多是针对早期网络攻击类型,对新型攻击适应性较差.针对这2个问题,提出了一种结合特征选择的SAE-LSTM入侵检测框架,采用融合聚类思想的随机森林特征打分机制,弥补在特征量大的情况下计算消耗高的不足.将特征选取后的数据,先经稀疏自动编码器进行数据重构,再由LSTM模型进行分类检测.实验在UNSW-NB15网络数据集上进行,结果表明:模型在时间戳步长为8时表现最佳,准确率达98%以上,误报率低至4.18%,与其他入侵检测模型相比有着更优秀的检测效果.
Intrusion detection systems(IDS)are important technologies for early warning of attacks in computer and communication systems.Current IDS have some problems in security detection:a large amount of high-dimensional redundant data and irrelevant features interfere with the classification process,and many models are built for earlier types of attacks and are poorly adapted to new types of attacks.To address these two problems,this paper proposes an SAE-LSTM intrusion detection framework that combines feature selection with a random forest feature scoring mechanism that incorporates clustering ideas to compensate for the high computational consumption of random forest in the case of a large number of features.The feature-selected data are first reconstructed by a sparse auto-encoder and then classified and detected by an LSTM model.The model was tested on the UNSW-NB15 dataset.The experimental results show that the model performs best at a timestamp step of 8,with an accuracy of over 98%and a false alarm rate as low as 4.18%,which is better than other intrusion detection methods.
作者
王文涛
汤婕
王嘉鑫
WANG Wentao;TANG Jie;WANG Jiaxin(College of Computer Science&Hubei Provincial Engineering Research Center for Intelligent Management of Manufacturing Enterprises,South-Central Minzu University,Wuhan 430074,China)
出处
《中南民族大学学报(自然科学版)》
CAS
北大核心
2022年第3期347-355,共9页
Journal of South-Central University for Nationalities:Natural Science Edition
基金
教育部产学研合作协同育人资助项目(201902214013)。
关键词
入侵检测系统
随机森林
聚类
稀疏自动编码器
循环神经网络
intrusion detection system
random forest
clustering
sparse autoencoder
recurrent neural network
