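Abstract
Anomaly detection in network traffic is of great significance for protecting the security of power information systems. Artificial intelligence techniques such as deep learning currently perform well in intrusion detection, but class imbalance and high noise content in power traffic data seriously degrade the accuracy of intrusion detection models. To address these problems, this paper proposes a hybrid deep learning model combining a deep residual shrinkage network (DRSN) with bi-directional long short-term memory (BiLSTM) to achieve timely and effective identification and detection of multi-vector attack threats. First, a conditional generative adversarial network model generates minority-class data to construct a balanced dataset. The DRSN-BiLSTM model then performs feature extraction: the residual terms in the DRSN address network degradation and overfitting, the attention mechanism reduces the impact of noise on anomalous traffic detection, and BiLSTM extracts the temporal features of the traffic. Finally, a softmax classifier classifies the traffic to accomplish network intrusion detection. The model was tested on a power information system dataset, and the results show that the proposed hybrid deep learning model outperforms the compared algorithms in detection accuracy, precision, recall and F1 score.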
Network traffic anomaly detection is of great significance to protecting the security of power information systems. At present, artificial intelligence technologies such as deep learning show good performance in intrusion detection, but the accuracy of intrusion detection models is seriously affected by the unbalanced categories and high noise content in power traffic data. To solve the above problems, this paper proposes a DRSN-BiLSTM hybrid deep learning model to realize timely and effective multi-vector attack threat recognition and detection. Firstly, a conditional generative adversarial network model is used to generate minority-class data and construct a balanced data set. Then, the DRSN-BiLSTM model is used for feature extraction. Residual terms in the deep residual shrinkage network (DRSN) can solve the problems of network degradation and overfitting. At the same time, BiLSTM is used to extract the time-series features of the traffic. Finally, a softmax classifier is used to classify the traffic to realize network intrusion detection. The model was tested on the power measurement data set, and the results show that the proposed hybrid deep learning model outperforms the compared algorithm in detection accuracy, precision, recall and F1_score.
Authors
李天慧
谢云澄
车荣花
梁迪昌
王健
LI Tianhui; XIE Yuncheng; CHE Ronghua; LIANG Dichang; WANG Jian (School of Control and Computer Engineering, North China Electric Power University, Changping District, Beijing 102206, China; Computer Teaching and Research Section, Liaocheng Infant Normal School, Liaocheng 252600, Shandong Province, China; Information and Communication Branch, State Grid Chongqing Electric Power Company, Chongqing 404100, China)
Source
《电力信息与通信技术》
2023, Issue 9, pp. 30-37 (8 pages)
Electric Power Information and Communication Technology
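Funding
Supported by the State Grid Corporation of China Headquarters Science and Technology Project "Research and Application of Key Adaptive Protection Technologies for State Grid Cloud Security" (SGHAXT00YJJS2100034).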
Keywords
intrusion detection
generative adversarial network
residual shrinkage network
bi-directional long short-term memory