应对零日攻击的混合车联网入侵检测系统

Hybrid internet of vehicles intrusion detection system for zero-day attacks

现有机器学习方法在面对零日攻击检测时,存在对样本数据过度依赖以及对异常数据不敏感的问题,从而导致入侵检测系统(IDS)难以有效防御零日攻击。因此,提出一种基于Transformer和自适应模糊神经网络推理系统(ANFIS)的混合车联网入侵检测系统。首先,设计了一种数据增强算法,通过先去除噪声再生成的方法解决了数据样本不平衡的问题;其次,将非线性特征交互引入复杂的特征组合,设计了一个特征工程模块;最后,将Transformer的自注意力机制和ANFIS的自适应学习方法相结合,以提高特征表征能力,减少对样本数据的依赖。在CICIDS-2017和UNSW-NB15入侵数据集上将所提系统与Dual-IDS等先进(SOTA)算法进行比较。实验结果表明,对于零日攻击,所提系统在CICIDS-2017入侵数据集上实现了98.64%的检测精确率和98.31%的F1值,在UNSW-NB15入侵数据集上实现了93.07%的检测精确率和92.43%的F1值,验证了所提算法在零日攻击检测方面的高准确性和强泛化能力。

Existing machine learning methods suffer from over-reliance on sample data and insensitivity to anomalous data when confronted with zero-day attack detection,thus making it difficult for Intrusion Detection System(IDS)to effectively defend against zero-day attacks.Therefore,a hybrid internet of vehicles intrusion detection system based on Transformer and ANFIS(Adaptive-Network-based Fuzzy Inference System)was proposed.Firstly,a data enhancement algorithm was designed and the problem of unbalanced data samples was solved by denoising first and then generating.Secondly,a feature engineering module was designed by introducing non-linear feature interactions into complex feature combinations.Finally,the self-attention mechanism of Transformer and the adaptive learning method of ANFIS were combined,which enhanced the ability of feature representation and reduced the dependence on sample data.The proposed system was compared with other SOTA(State-Of-The-Art)algorithms such as Dual-IDS on CICIDS-2017 and UNSW-NB15 intrusion datasets.Experimental results show that for zero-day attacks,the proposed system achieves 98.64%detection accuracy and 98.31%F1 value on CICIDS-2017 intrusion dataset,and 93.07%detection accuracy and 92.43%F1 value on UNSW-NB15 intrusion dataset,which validates high accuracy and strong generalization ability of the proposed algorithm for zero-day attack detection.