Abstract
To address the poor performance of traditional machine learning algorithms in detecting unknown attacks, an anomaly intrusion detection method based on a variational autoencoder and an attention mechanism is proposed. By combining the variational autoencoder with the attention mechanism, the method uses deep learning to detect abnormal network traffic from traffic-based data. The proposed method is divided into two parts: data preprocessing and anomaly detection. Specifically, the input data is preprocessed using one-hot encoding and normalization. Then, the data is fed into the attention-based variational encoder, and the hidden feature information in the training samples is collected and integrated into the final latent variable. Finally, the reconstruction error between the original data and the reconstructed data is calculated, and traffic is judged to be abnormal or not based on an appropriate threshold. Experimental results show that, compared with other intrusion detection methods, the proposed method significantly improves the accuracy of intrusion detection; it can not only detect known and unknown attacks but also improve the detection rate of low-frequency attacks.
Author
施媛波
SHI Yuanbo (Kunming City College, Kunming 650106, P.R. China)
Source
《重庆邮电大学学报(自然科学版)》
CSCD
Peking University Core Journals (北大核心)
2022, Issue 6, pp. 1071-1078 (8 pages)
Journal of Chongqing University of Posts and Telecommunications (Natural Science Edition)
Funding
Scientific Research Fund of the Yunnan Provincial Department of Education (2019J1048, 2019J1042).
Keywords
network intrusion detection
anomaly detection
variational autoencoder
attention mechanism