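Abstract
Mainstream intrusion detection systems currently learn from manually labeled network traffic data to gain the ability to detect unknown threats automatically. However, when the manually labeled data are biased, incomplete, or contain too few minority-class samples, samples that are in fact attacks are often classified as benign, rendering the intrusion detection system ineffective. Most intrusion detection research uses overall performance as the quantitative measure of detection performance and overlooks the original purpose of intrusion detection, leaving the warning system exposed to attack. To address these problems, an intelligent recognition model based on a voting network is proposed to solve the problem of imbalanced training data in intrusion detection systems. Through a trainable voting model, traditional machine learning models and deep learning models are integrated, raising the detection rate of fatal attacks while still attending to overall performance. Experimental results show that the model performs well overall on three datasets with different sample distributions and effectively improves the detection rate of minority classes.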
Modern cyber attack intrusion detection systems apply network flows with artificial labels to build the ability to detect potential threats automatically. Errors, sample insufficiency, and lack of essential features in artificial labeling would severely restrict the system's capability. It is a fatal flaw that the system could not discern attacking samples from benign samples. Most researchers regard the overall performance measurements as the benchmarks for intrusion detection systems while overlooking what such systems are for: they were created to warn people about dangerous network attacks. Hence, the article proposed a voting-based framework for an auto cyber intrusion detection system in an imbalanced dataset environment. Based on the trainable voting network, the framework integrated machine learning techniques and deep learning techniques to solve the problem of imbalanced datasets. The article focused on increasing the precision of fatal attack detection without compromising the system's overall performance. The experimental results suggest that the proposed model runs stably and well overall in these different datasets, and the model promotes the detection rate of the minority class effectively.
Authors
李熙
梅倩
陶洁
余嘉伟
冯常奇
LI Xi; MEI Qian; TAO Jie; YU Jiawei; FENG Changqi (Wuhan Institute of Shipbuilding Technology, Wuhan 430050, Hubei, China; Hubei Education Press, Wuhan 430070, Hubei, China)
Source
《江汉大学学报(自然科学版)》
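2024, No. 3, pp. 74-86 (13 pages)
Journal of Jianghan University: Natural Science Edition
Funding
Research project on the construction of public foundational information technology courses for engineering majors in higher vocational colleges from the perspective of "New Infrastructure" (2021-AFCEC-093).
Keywords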
intrusion detection
cyber attack recognition
imbalanced sample dataset
deep learning
machine learning