期刊文献+

基于记忆模块与过滤式生成对抗网络的入侵检测方法

Intrusion Detection Method Based on Memory Module and Filtered Generative Adversarial Network
下载PDF
导出
摘要 为了解决现有的网络入侵检测方法在异常样本有限时存在精确度低且容易产生过拟合的问题,提出一种基于记忆模块和过滤式生成对抗网络(GAN)的入侵检测方法MemFGAN。在生成对抗网络中,生成器采用编码器-解码器结构并引入1个记忆模块学习正常样本的特征向量进行记忆增强,生成器用于对给定的输入进行编码并将其用作查询请求,在记忆模块中查询最相关的项进行重构,生成器的重构误差作为异常分数用于入侵检测,在判别器之前增加过滤器过滤异常样本,利用判别器损失提高生成器对正常样本的生成能力以降低其异常分数。此外,分别为生成器和判别器设计了新的训练目标,实现利用已知异常标签对生成器进行监督,降低生成器对异常样本的重构能力以扩大其异常分数,从而提高模型的入侵检测精确度并缓解过拟合问题。在MAWILab、ISCX2012、IDS2017、IDS20184个入侵检测数据集上的实验结果表明,相较于基线方法,MemFGAN的F1值平均提高了0.147,在入侵检测方面具有较好的准确性和泛化性,可以在异常样本有限时保持良好的检测能力。 To solve the low accuracy of existing network intrusion detection methods as well as their susceptibility to overfitting when abnormal samples are limited,an intrusion detection method based on a memory module and filtered Generative Adversarial Network(GAN)MemFGAN is proposed.In a GAN,the generator adopts an encoder-decoder structure and introduces a memory module to learn the feature vectors of normal samples to enhance memory.The generator encodes the input and uses it as a query request in the memory module.The most relevant items in the query are reconstructed and the reconstruction error of the generator is used as the anomaly score for intrusion detection.A filter is added before the discriminator to filter out abnormal samples,whereas the discriminator loss is used to improve the generator's ability to generate normal samples and reduce its abnormal score.In addition,new training objectives are designed for the generator and discriminator to supervise the generator using known anomalies and to diminish the generator's ability in reconstructing abnormal samples such that its anomaly score is higher,thereby improving the intrusion detection accuracy of the model and alleviating overfitting.Experimental results on four intrusion detection datasets,i.e.,MAWILab,ISCX2012,IDS2017,and IDS2018,show that compared with the baseline method,the MemFGAN improves the F1 value by an average of 0.147,offers better accuracy and generalization in intrusion detection,and maintains good detection capabilities when abnormal samples are limited.
作者 张慧妍 梁勇 兰景宏 赵强 ZHANG Huiyan;LIANG Yong;LAN Jinghong;ZHAO Qiang(School of Automation and Software Engineering,Shanxi University,Taiyuan 030006,Shanxi,China;Institute of Electronic and Engineering,University of Electronic Science and Technology of China,Dongguan 523808,Guangdong,China;Electric Power Research Institute of Stata Grid Henan Electric Power Company,Zhengzhou 450052,Henan,China)
出处 《计算机工程》 CAS CSCD 北大核心 2024年第6期197-207,共11页 Computer Engineering
基金 国家自然科学基金青年科学基金项目(62102238) 山西省自然科学基金青年基金(20210302124555)。
关键词 入侵检测 生成对抗网络 记忆模块 弱监督学习 特征增强 intrusion detection Generative Adversarial Network(GAN) memory module weakly-supervised learning feature enhancement
  • 相关文献

参考文献4

二级参考文献24

共引文献91

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部