摘要
针对单一串行深度学习检测模型提取流量特征时无法完整反映原始流量信息,且恶意流量识别精度低的问题,设计多模型并行融合网络,提出一种基于多模型并行融合网络的恶意流量检测方法。所提方法采用并行方式,融合一维卷积神经网络(1D-CNN)与双向长短期记忆(Bi-LSTM)网络进行特征提取和流量识别,各条支路均直接面向原始流量,同时提取流量的空间特征与时序特征,采用共同的全连接层进行特征融合,可更精准地反映原始流量信息并有效提高恶意流量的识别准确率。在开源NSL-KDD数据集上的实验结果表明,所提方法恶意流量检测的特征提取能力、鲁棒性以及在线学习能力等方面均表现了优越的性能。
A malicious traffic detection method based on a multi-model parallel fusion network was proposed to address the issue of incomplete reflection of original traffic information and poor accuracy in identifying malicious traffic when using a single sequential deep learning detection model.The parallel approach was used to combine one-Dimensional Convolutional Neural Network(1D-CNN)and Bi-directional Long Short-Term Memory(Bi-LSTM)network for feature extraction and traffic recognition.Each branch directly facing to the original traffic,both spatial and temporal features were extracted.A common fully connected layer was used for feature fusion,which could more accurately reflect the original traffic information and effectively improved the accuracy of malicious traffic identification.Experimental results on the open-source NSL-KDD dataset demonstrate the superior performance of the proposed method in terms of feature extraction capability,robustness,and online learning ability for malicious traffic detection.
作者
李向军
王俊洪
王诗璐
陈金霞
孙纪涛
王建辉
LI XiangJun;WANG Junhong;WANG Shilu;CHEN Jinxia;SUN Jitao;WANG Jianhui(School of Software,Nanchang University,Nanchang Jiangxi 330046,China;School of Mathematics and Computer Science,Nanchang University,Nanchang Jiangxi 330031,China)
出处
《计算机应用》
CSCD
北大核心
2023年第S02期122-129,共8页
journal of Computer Applications
基金
国家自然科学基金资助项目(62262039)
江西省高等学校大学生创新创业训练计划项目(202110403070)
江西省科技创新平台项目(20181BCD40005)
南昌大学江西省财政科技专项“包干制”项目(ZBG20230418014)
江西省教育厅科学技术研究资助项目(GJJ2210701)
江西省教学改革重点项目(JXJG-2020-1-2)。
关键词
恶意流量检测
深度学习
多模型并行融合
卷积神经网络
双向长短期记忆网络
malicious traffic detection
deep learning
multi-model parallel fusion
Convolutional Neural Network(CNN)
Bi-directional Long Short-Term Memory(Bi-LSTM)network
