ZHAN Honghui, CHENG Zhonghan. Identification Method of Abnormal Traffic based on Convolution Neural Network[J]. Journal of Chengdu University of Information Technology, 2023, 38(06): 668-672. [doi:10.16836/j.cnki.jcuit.2023.06.008]
Identification Method of Abnormal Traffic based on Convolution Neural Network
- Title:
- Identification Method of Abnormal Traffic based on Convolution Neural Network
- Article ID:
- 2096-1618(2023)06-0668-05
- Keywords:
- intrusion detection; network security; machine learning; deep learning; convolutional neural network
- Classification number:
- TP393.08
- Document code:
- A
- Abstract:
- Intrusion detection systems are an important part of network security. When detecting known network attacks, both deep learning and traditional machine learning suffer from low precision and accuracy and have difficulty extracting important features effectively. To address these problems, this paper proposes CNN-BDF, an abnormal traffic identification method based on a convolutional neural network structure. A neural network is built for the intrusion data: a batch normalization layer is introduced after the convolutional network, the Flatten function handles the transition from the convolutional layer to the fully connected layer, and a Dropout layer is introduced in the middle of the fully connected layers. The model is evaluated on the NSL-KDD data set. The experimental results show that the accuracy and precision of the CNN-BDF model reach 89.01% and 84.72% respectively, outperforming intrusion detection models based on traditional machine learning and deep learning.
Memo
Received: 2022-11-08
Funding: Fujian Province Education and Research Funding Project for Young and Middle-aged Teachers (JAT200379)