摘要
为了识别和防范网络中异常行为和恶意侵入,构建了一个基于卷机神经网络(convolutional neural network, CNN)和双向长短时记忆(bidirectional long short-term memory, BiLSTM)网络的检测模型,并将其应用于各类入侵检测系统(intrusion detection system, IDS).区别于传统检测模型,因数据冗余而导致模型性能降低,该模型首先将特征输入构建的CNN生成特征映射,该过程有效减少识别网络的参数,并自动消除冗余和稀疏的特征.接着,将处理好的特征作为BiLSTM网络的输入,来检测和识别网络中的恶意行为.最后,在NSL-KDD和KDD CUP99数据集上的测试结果显示,所提出的模型在时间效率和精度方面都超过现有模型,证明了其在检测恶意行为和准确分类网络异常中的有效性.
In order to identify and prevent abnormal behavior and malicious intrusion in networks,a detection model based on Convolutional Neural Network(CNN)and Bidirectional Long Short-Term Memory(BiLSTM)networks was constructed and applied to various types of Intrusion Detection Systems(IDS).Distinguished from traditional detection models,which suffer from reduced performance due to data redundancy,this model initially feeds the features into a CNN to generate feature mappings,effectively reducing the parameters of the recognition network and automatically eliminating redundant and sparse features.Subsequently,the processed features are used as inputs to the BiLSTM network to detect and recognize malicious behavior within the network.Finally,test results on the NSL-KDD and KDD CUP99 datasets demonstrate that the proposed model surpasses existing models in terms of both time efficiency and accuracy,confirming its effectiveness in detecting malicious behavior and accurately classifying network anomalies.
作者
张明明
刘凯
李贤慧
许梦晗
顾颖程
张见豪
程环宇
Zhang Mingming;Liu Kai;Li Xianhui;Xu Menghan;Gu Yingcheng;Zhang Jianhao;Cheng Huanyu(Information Communication Branch,State Grid Jiangsu Electric Povwer Co.,Ltd.,Nanjing 210024;Jiangsu Ruizhong Data Co.,Ltd.,Nanjing 210012;State Grid Electric Power Research Institute Co.,Ltd.,Nanjing 211106)
出处
《信息安全研究》
CSCD
2023年第12期1152-1158,共7页
Journal of Information Security Research
基金
国网公司科技指南项目(5700-202218185A-1-1-ZN)。
关键词
行为识别
入侵检测
卷积神经网络
网络异常分类
双向长短时记忆网络
behavior recognition
intrusion detection
convolutional neural network
network anomaly classification
bidirectional long short-term memory network
