基于改进CBAM和BiGRU的入侵检测模型

Intrusion Detection Model Based on Improved CBAM and BiGRU

现有方法存在着网络流量数据不平衡、检测准确率不足和误报率上升等问题。该文提出了一种基于改进的CBAM(Convolutional Block Attention Module)、膨胀卷积和BiGRU(双向门控循环单元)的网络入侵检测模型,旨在解决现有方法存在的问题。具体来说,为了应对数据分布不平衡的问题,采用了ADASYN(自适应过采样)算法进行自适应过采样,以平衡数据集。为解决检测准确率不足和误报率上升的问题,在特征提取阶段,首先引入了三层膨胀卷积,拓展感受野范围,从而全面地捕捉网络流量的特征。其次,采用改进的CBAM模块增强膨胀卷积对高级特征的提取能力。最后,引入BiGRU用于更深入捕捉特征之间的长期依赖关系,进一步提升模型的性能。实验结果表明,在NSL-KDD数据集上,该方法相对于其他方法具有更高的准确率(99.51%)和更低的误检率(2.90%),这表明该模型在网络入侵检测任务中是一种可行有效的方法。

Existing methods suffer from the problems of unbalanced network traffic data,insufficient detection accuracy,and an increasing false alarm rate.We propose a network intrusion detection model based on Improved CBAM(Convolutional Block Attention Module),dilated convolution and BiGRU(Bidirectional Gated Recurrent Unit),which aims to solve the problems of the existing methods.Specifically,to cope with the problem of unbalanced data distribution,we employ the ADASYN(Adaptive Oversampling)algorithm for adaptive oversampling to balance the dataset.To address the problems of insufficient detection accuracy and increasing false alarm rates,in the feature extraction phase,we first introduce a three-layer dilated convolution to expand the range of the sensing field so as to comprehensively capture the features of network traffic.Second,we employ an improved CBAM module to enhance the extraction capability of dilated convolution for advanced features.Finally,BiGRU is also introduced to capture the long-term dependencies between features more deeply to further enhance the performance of the model.Experimental results show that the proposed method has a higher accuracy of 99.51% and a lower false detection rate of 2.90% relative to other methods on the NSL-KDD dataset,which suggests that the proposed model is a feasible and effective approach to network intrusion detection tasks.