融合MS-IRB与CAM的入侵检测模型

Intrusion Detection Model Incorporating MS-IRB and CAM

针对深度学习模型复杂度高导致的模型训练时间长、收敛速度慢等问题,本文提出了一种融合多尺度倒残差块(Multiscale-Inverted Residual Block,MS-IRB)与通道注意力机制(Channel Attention Mechanism,CAM)的入侵检测模型,该模型在确保检测性能的同时降低了复杂度.首先,将数据集中的一维网络流量数据进行数值化、归一化处理,进而转化为三通道格式;其次,利用三组倒残差块对数据进行多尺度特征提取,所使用的卷积核尺寸分别为1×1、2×2、3×3,采用通道注意力机制为各个卷积通道分配不同权重,提高了本文模型对包含更多有效信息通道的关注度,选用BN方法来降低过拟合程度并加快模型的收敛速度;最后,将全连接处理所得特征矩阵通过Softmax函数映射获得分类结果.为验证本文模型,在UNSW-NB15数据集上进行实验评估.实验结果表明:本文模型参数数量分别比CNN少34%、比LSTM少60%,且计算量比CNN小45%;同时,分类准确率相比CNN提高了0.7%.

To address the problems of long training time and slow convergence due to the high complexity of deep learning models,this paper proposes a intrusion detection model incorporating MS-IRB and channel attention mechanism,this model reduces the complexity while ensuring the detection performance.First,the one-dimensional network traffic data in the data set are processed numerically and normalized,then transformed into a three-channel format.Second,three sets of inverse residual blocks are used for multi-scale feature extraction,and the sizes of the convolutional kernels are 1×1,2×2,and 3×3 respectively.The channel attention mechanism is used to assign different weights to each convolutional channel,which improves the attention of the model to the channels containing more effective information,and the BN method is chosen to reduce overfitting and accelerate the convergence rate of the model.Finally,the feature matrix obtained from the full concatenation process is mapped by the Softmax function to obtain the classification results.To validate the model in this paper,experimental evaluation is conducted on the UNSW-NB15 dataset.The experimental results show that the quantity of parameters of this model is 34% less than CNN and 60% less than LSTM respectively,and the computational effort is 45% smaller than CNN.Meanwhile,the classification accuracy is improved by 0.7% compared with CNN.