摘要
针对现有网络攻击识别方法仅学习独立样本实例特征而缺少类别信息指导的问题,提出了一种融合实例和聚类信息的稀疏自编码特征学习的网络攻击行为识别方法FIC-SAE.每次迭代过程中,利用独立样本构造实例级的稀疏自编码网络误差项、网络权重惩罚项和稀疏项损失函数,同时每批样本进行K-mean聚类划分以构造聚类级的稀疏自编码网络交叉熵损失函数.NSL-KDD和CICIDS2017数据集上的实验结果表明,本文方法FIC-SAE在平均准确率、召回率、查全率和F_(1)分数等4个指标上均优于其他几个自编码器方法.
To address the issue that current network attack recognition methods come only with the learning features from the independent sample instances yet without the guidance of category information,we propose a new network attack behavior recognition method FIC-SAE based on the Sparse Auto-Encoders(SAE)to learn the features from the instance and clustering information.In each iteration,we construct the instance-level error term,network weight penalty term and sparse term loss function of the SAE from the independent samples.At the same time,the samples of each batch are grouped with the K-mean clustering to construct the cross-entropy loss function of the SAE for the clusters.Experimental results on NSL-KDD and CICIDS2017 datasets show that our method promises better average accuracy,recall,and F_(1)score than those of other methods with the feature learned from the samples only based on the AE.
作者
谢从贵
XIE Conggui(CISDI Information Technology(Chongqing)Co.,Ltd,Chongqing 401120,China)
出处
《常熟理工学院学报》
2023年第5期29-35,共7页
Journal of Changshu Institute of Technology
