自适应遗传算法优化堆叠LSTM超参数的入侵检测研究

Research on intrusion detection of stacking LSTM hyperparameters optimized by adaptive genetic algorithm

针对传统入侵检测模型检测准确率、精确率偏低和模型泛化能力不足的问题,采用自适应遗传算法优化堆叠(Long short-term memory, LSTM)进行入侵检测研究。构建堆叠LSTM入侵检测模型提取网络数据特征,为充分利用堆叠LSTM各层提取到的数据特征信息,改进堆叠LSTM的网络结构,将各层LSTM提取到的特征信息进行保留合并。为确定模型的最佳超参数取值,使用自适应遗传算法(Adaptive genetic algorithm,AGA)优化模型的超参数,AGA迭代完成后的输出即为最佳超参数取值,使用最佳超参数取值构建入侵检测模型。该模型在NSL-KDD数据集上的检测准确率为99.03%、精确率为94.86%、召回率为95.39%,在UNSW-NB15数据集上的检测准确率为90.21%、精确率为86.97%、召回率为89.11%。在所有对比模型中表现最优,且模型的泛化能力较强,能准确检测出未知攻击。

Aiming at the problems of low detection accuracy and accuracy of traditional intrusion detection models and insufficient generalization ability of models,adaptive genetic algorithm is used to optimize stacked Long short-term memory(LSTM)for intrusion detection research.The stacked LSTM intrusion detection model is constructed to extract network data features.In order to make full use of the data feature information extracted by each layer of stacked LSTM,the network structure of stacked LSTM is improved,and the feature information extracted by each layer of LSTM is retained and merged.In order to determine the optimal hyperparameter value of the model,the adaptive genetic algorithm(AGA)is used to optimize the hyperparameter of the model.The output of the AGA iteration is the optimal hyperparameter value.The intrusion detection model is constructed by using the optimal hyperparameter value.The detection accuracy,precision and recall of the model on the NSL-KDD dataset are 99.03%,94.86%and 95.39%,respectively.The detection accuracy,precision and recall of the model on the UNSW-NB15 dataset are 90.21%,86.97%and 89.11%,respectively.It performs best in all comparison models,and the model has strong generalization ability and can accurately detect unknown attacks.