摘要
网络流量入侵检测技术对主机和平台安全起着重要作用。目前常采用机器学习和深度学习技术进行网络流量入侵检测,然而相关数据集的不平衡问题导致模型偏向于学习多数类数据的特征而忽视少数类数据的特征,严重影响了检测准确率。结合SMOTE算法和生成对抗网络(GAN)构建OSW模型对训练数据进行预处理,通过Wasserstein GAN学习少数类数据分布情况,避免边缘分布问题,构造平衡数据集。建立基于Transformer与双向长短时记忆-深度神经网络(BiLSTM-DNN)的TBD入侵检测模型,使用Transformer中的编码器捕捉全局联系并对输入数据进行初步特征提取,利用BiLSTM网络进行长距离依赖特征提取保留数据的序列化特征,采用DNN进一步提取深层次特征,最终通过Softmax分类器获得分类结果。在NSL_KDD数据集上的实验结果表明,在进行数据平衡处理后TBD模型的二分类和五分类任务检测准确率分别达到90.3%和79.8%,均高于对比的深度神经网络模型以及机器学习算法。
Intrusion detection technology based on network traffic plays a critical role in host and platform security.Currently,machine learning and deep learning are often used for network traffic intrusion detection.However,the imbalance in datasets causes the model to tend to learn the features of the majority class data and ignore the features of the minority class data,adversely affecting the accuracy of the network intrusion detection model.Therefore,the Synthetic Minority Oversampling Technique(SMOTE)algorithm and the Generative Adversarial Network(GAN)is combined to construct a model,called OSW,to preprocess the training data.The minority class data distribution is learned through Wasserstein GAN(WGAN)to prevent the problem of marginal distribution and construct a balanced dataset.In addition,an intrusion detection model based on the Transformer and Bidirectional Long Short-Term Memory Deep Neural Network(BiLSTM-DNN),called TBD,is built.The encoder part of the transformer is used to globally capture the connection,and preliminary feature extraction is performed on the input data.The BiLSTM network is used to perform long-distance-dependent feature extraction to retain the serialized features of the data,and DNN is used to further extract deep-level features.The classification results are obtained using the Softmax classifier.The NSL_KDD dataset is used in the experiment.The experimental results show that after the dataset balance processing,the TBD model achieves 90.3%accuracy for the two-class task and 79.8%for the five-class task,which are both higher than those of the comparative deep learning network models and machine learning algorithms.
作者
石磊
张吉涛
高宇飞
卫琳
陶永才
SHI Lei;ZHANG Jitao;GAO Yufei;WEI Lin;TAO Yongcai(School of Cyber Science and Engineering,Zhengzhou University,Zhengzhou 450002,China;School of Information Engineering,Zhengzhou University,Zhengzhou 450001,China)
出处
《计算机工程》
CAS
CSCD
北大核心
2023年第3期29-36,57,共9页
Computer Engineering
基金
国家重点研发计划(2020YFB1712401)。
关键词
入侵检测
多头注意力
双向长短时记忆网络
深度神经网络
数据平衡处理
intrusion detection
multi-head attention
Bidirectional Long Short-Term Memory(BiLSTM)network
Deep Neural Network(DNN)
data balance processing
