Abstract
Most current network intrusion detection relies on hand-crafted features, but hand-crafted features often fail to adapt to new types of attack, and redesigning them requires expert knowledge. To address this, an algorithm is proposed that extracts sessions from network traffic data as samples and feeds each sample into two neural networks: the session's time-ordered series of packets is treated as a one-dimensional sequence and sent to a gated recurrent unit (GRU), and the session's packets, fused together, are treated as a two-dimensional image and sent to a convolutional neural network (CNN). Features are extracted by each network separately, and the two features are then fused and sent to a fully connected network that performs intrusion detection. The proposed algorithm attends to both the temporal information and the overall spatial information of a session, and learns features automatically from the traffic data. Experiments on CICIDS-2018 network traffic data show that the algorithm outperforms hand-crafted features in detecting botnets and distributed denial-of-service attacks.
Author
WANG Jinhua (王金华), Sichuan University, Chengdu, Sichuan 610207, China
Source
Communications Technology (《通信技术》)
2022, Issue 6, pp. 762-770 (9 pages)
Keywords
intrusion detection
deep learning
traffic segmentation
traffic visualization
DDoS detection