Abstract
Network intrusion detection is an important part of network security, and network traffic anomaly detection is one method of implementing it. To address the data imbalance in current traffic anomaly detection, together with the low detection rate and high false alarm rate of existing detection models, this paper proposes a traffic anomaly detection model that combines an oversampling algorithm with a hybrid neural network built from a convolutional neural network and a bidirectional long short-term memory network. The model performs anomaly detection by learning the features of network traffic data. First, SMOTE and ENN are used to oversample the minority-class samples to resolve the imbalance, and the features of the network traffic data are normalized. Second, a convolutional neural network learns the spatial features of the network traffic data. Third, the data carrying these spatial features are staggered in time and fed into a bidirectional long short-term memory network to further learn their temporal features. An attention mechanism then computes the importance of the features, and finally the classifier outputs the detection results. Experimental results on the NSL-KDD dataset show that the proposed model achieves higher accuracy and a lower false alarm rate than current machine learning and deep learning detection models.
Authors
LIAN Hong-fei (连鸿飞)
ZHANG Hao (张浩)
GUO Wen-zhong (郭文忠)
College of Mathematics and Computer Sciences, Fuzhou University, Fuzhou 350116, China; Fujian Provincial Key Laboratory of Network Computing and Intelligent Information Processing, Fuzhou 350116, China
Source
Journal of Chinese Computer Systems (《小型微型计算机系统》)
CSCD
Peking University Core Journal
2020, Issue 4, pp. 786-793 (8 pages)
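Funding
Supported by the Key Program of the Straits Joint Fund of the National Natural Science Foundation of China (U1705262)
Supported by the National Natural Science (61672159)
Supported by the Natural Science Foundation of Fujian Province (2016J01754).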
Keywords
data imbalance
deep learning
anomaly detection
convolutional neural networks
long short-term memory networks
attention mechanism