摘要
近年来,基于深度学习的网络异常检测模型成为领域内研究的热点,业已在实验环境下取得了出色的效果。但基于深度学习的网络异常检测模型在不同网络环境下的泛化性能尚无深入研究。分别基于多层感知机、一维卷积神经网络以及深度自编码器构建了3种具有代表性的深度网络异常检测模型,并在CICIDS2017、CICIDS2018数据集上进行模型表现的交叉评估,以量化研究其泛化性能。实验结果显示,评估过程中这3类模型的准确率分别出现了平均20.78%、23.18%、11.13%的下滑,发现了深度网络异常检测模型泛化性能的严重问题,揭示了深度学习技术应用于网络安全领域的隐患与其走向生产化部署的关键性阻碍。最后,对这一问题进行总结与分析,并就解决方案进行探讨与展望。
In recent years,network anomaly detection model based on deep learning has become a research hotspot in the area,getting outstanding achievements in experimental environments.However,there is a lack of research related with the generalization ability of those models.The paper constructed three representative network anomaly detection models based on multi-layer perceptron,1-D convolutional neural network and deep auto-encoder,and trained on CICIDS2017 and CICIDS2018.Then,the evaluation experiments are carried out in a cross way to quantify its generalization ability.The experimental results show that the accuracy of the models has declined by 20.78%,23.18%and 11.13%on average,which proves that the generalization performance of the deep network anomaly detection model is a serious problem,and reveals the pitfall of applying deep learning technology to network security and the key obstacle to its practical deployment.Finally,the summary and analysis of this problem is discussed and the potential solutions are put forward.
作者
曲彦泽
马海龙
江逸茗
QU Yanze;MA Hailong;JIANG Yiming(Information Engineering University,Zhengzhou 450001,China)
出处
《信息工程大学学报》
2024年第2期213-218,共6页
Journal of Information Engineering University
关键词
网络安全
网络异常检测
深度学习
泛化性能
network security
network anomaly detection
deep learning
generalization ability