摘要
网络攻击的准确检测对于防范信息系统中的漏洞是至关重要的.目前,虽然许多网络入侵检测模型都有较高的检测率,但仍存在对不平衡异常网络流量的识别精度低,以及误报率高的问题.因此,本文提出了一种基于残差网络改进的异常流量入侵检测模型,将CICIDS2017数据集转换为灰度图像后,在ResNet50结构的第2层~第5层添加CBAM注意力机制模块,构建残差注意力网络算法,来学习更多异常流量的关键特征.为解决数据集中的类不平衡问题,用改进的焦点损失函数代替交叉熵损失函数,来识别数据集中的小类别攻击.实验结果表明,与基线模型相比,该模型不仅实现了99.29%的总体准确率,而且对于小样本平均都有99%的检测率,这也证明了本文提出的模型的优越性.
Accurate detection of cyber-attacks is critical to preventing vulnerabilities in information systems.At present,although many network intrusion detection models have high detection rates,there are still problems with low identification accuracy for unbalanced abnormal network traffic and high false positive rate.Therefore,this paper proposes an improved abnormal traffic intrusion detection model based on residual network.After converting the CICIDS2017 dataset to grayscale images,the CBAM attention mechanism module is added to the second to fifth layers of the ResNet50 structure to build a residual attention network algorithm to learn more key features of abnormal traffic.To address the class imbalance problem in the dataset,an improved focal loss function is used to replace the cross-entropy loss function to identify small class attacks in the dataset.The experimental results show that compared with the baseline model,the model not only achieves an overall accuracy of 99.29%,but also has an average detection rate of 99%for small samples,which also proves the superiority of the model proposed in this paper.
作者
王锁成
陈世平
WANG Suo-cheng;CHEN Shi-ping(School of Optical-Electrical and Computer Engineering,University of Shanghai for Science and Technology,Shanghai 200093,China;Network and Information Center Office,University of Shanghai for Science and Technology,Shanghai 200093,China)
出处
《小型微型计算机系统》
CSCD
北大核心
2023年第12期2757-2764,共8页
Journal of Chinese Computer Systems
基金
国家自然科学基金项目(61472256,61170277)资助
上海理工大学科技发展基金项目(16KJFZ035,2017KJFZ033)资助
沪江基金项目(A14006)资助。
