Abstract
Existing algorithms that combine misuse detection and anomaly detection mostly rely on composite or combined models, which usually require training more than one basic model and make the learning process complex. This paper proposes an intrusion detection model based on the end-to-end memory network. It uses domain knowledge to assist the classification of network behavior data while training the model end to end to reduce learning complexity. A matching module and a blending module are designed so that relevant attack knowledge items can play an assisting role in the classification module. In addition to the detection result, the model outputs explainable information about that result. The dataset is normalized, and attack knowledge items are extracted from the dataset to assist classification. Experimental results show that domain knowledge plays a good assisting role in classification and that the model achieves high detection accuracy.
Authors
高筱娴
龙春
魏金侠
赵静
宋丹劼
GAO Xiao-Xian; LONG Chun; WEI Jin-Xia; ZHAO Jing; SONG Dan-Jie (Computer Network Information Center, Chinese Academy of Sciences, Beijing 100190, China; University of Chinese Academy of Sciences, Beijing 100049, China)
Source
《计算机系统应用》
2018, Issue 10, pp. 170-176 (7 pages)
Computer Systems & Applications
Keywords
end-to-end memory network
intrusion detection
machine learning
classification algorithm