Journal of Tsinghua University (Science and Technology)  2019, Vol. 59 Issue (1): 44-52    DOI: 10.16511/j.cnki.qhdxxb.2019.22.004
Information Security
Intrusion detection method based on a deep convolutional neural network
ZHANG Sicong¹, XIE Xiaoyao², XU Yang²
1. School of Computer Science and Technology, Guizhou University, Guiyang 550025, China;
2. Key Laboratory of Information and Computing Science of Guizhou Province, Guizhou Normal University, Guiyang 550001, China
Abstract: This paper presents an intrusion detection method based on a deep convolutional neural network (dCNN) to improve the detection accuracy and efficiency of intrusion detection systems. The method uses deep learning techniques such as tanh, Dropout, and Softmax to design a deep intrusion detection model. It first transforms the one-dimensional raw intrusion data into two-dimensional "image" data using data padding. It then uses the dCNN to learn effective features from the data and a Softmax classifier to generate the final detection result. The method was implemented with Tensorflow-GPU and evaluated on an Nvidia GTX 1060 3 GB GPU using the ADFA-LD and NSL-KDD datasets. Tests show that this method has shorter training time, improved detection accuracy, and lower false alarm rates. Thus, this method enhances the real-time processing and detection efficiency of intrusion detection systems.
Key words: cyber space security; deep learning; intrusion detection; convolutional neural network
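The data-padding step described in the abstract, as an added example that is not the authors' code. The paper's own conversion algorithm (Fig. 2) is not reproduced on this page, so zero padding, row-major layout, scaling by a maximum value, and truncation of over-long records are assumptions, as are the names `square_side` and `to_image` and all sample values.

```python
import math

def square_side(n):
    """Smallest side s such that an s x s grid holds n values."""
    s = math.isqrt(n)
    return s if s * s == n else s + 1

def to_image(values, side=None, vmax=None, pad=0.0):
    """Return (grid, dropped) for a 1-D record of non-negative numbers.

    Values are scaled to [0, 1], padded with `pad`, and reshaped row-major.
    side=None sizes the grid to fit the record; a fixed side is needed when
    records vary in length (system-call traces) but the model input is fixed.
    """
    if not values:
        raise ValueError("empty record")
    side = side or square_side(len(values))
    cells = side * side
    # Anything past the grid is never seen by the classifier, so report it
    # instead of discarding it silently.
    dropped = max(0, len(values) - cells)
    vmax = vmax or max(values) or 1
    flat = [min(max(v / vmax, 0.0), 1.0) for v in values[:cells]]
    flat += [pad] * (cells - len(flat))
    grid = [flat[r * side:(r + 1) * side] for r in range(side)]
    return grid, dropped

# Constructed stand-in for one 41-feature NSL-KDD record (not real data).
RECORD = list(range(1, 42))
# Constructed system-call number trace in the style of ADFA-LD (not real data).
TRACE = [6, 6, 63, 6, 42, 120, 6, 195, 120, 6, 6, 114, 114, 1, 1, 252, 3, 3, 5, 4]

if __name__ == "__main__":
    grid, dropped = to_image(RECORD)
    print(len(grid), "x", len(grid[0]), "grid, dropped", dropped)
    # vmax=400 is an assumed upper bound on system-call numbers.
    grid, dropped = to_image(TRACE, side=4, vmax=400)
    for row in grid:
        print(["%.3f" % v for v in row])
    print("dropped", dropped)
```

A non-zero `dropped` count means part of the record fell outside the model's input, which is worth logging when the grid size is fixed.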
Received: 2018-09-30      Published: 2019-01-16
Funding: National Natural Science Foundation of China (61461009, U1831131, U1631132); Special Fund for Central Government Guidance of Local Science and Technology Development (黔科中引地[2018]4008); Key Project of the Guizhou Province Science and Technology Cooperation Program (黔科合LH字[2015]7763)
Corresponding author: XIE Xiaoyao, Professor, E-mail: xyx@gznu.edu.cn
Cite this article:
ZHANG Sicong, XIE Xiaoyao, XU Yang. Intrusion detection method based on a deep convolutional neural network. Journal of Tsinghua University (Science and Technology), 2019, 59(1): 44-52.
Link to this article:
http://jst.tsinghuajournals.com/CN/10.16511/j.cnki.qhdxxb.2019.22.004  or  http://jst.tsinghuajournals.com/CN/Y2019/V59/I1/44
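  Fig. 1 Architecture of the dCNN-based intrusion detection method
  Fig. 2 Data conversion algorithm
  Fig. 3 Basic structure of the effective-feature self-learning module
  Fig. 4 Performance comparison of different activation functions on the ADFA-LD and NSL-KDD datasets
  Fig. 5 Performance comparison of the ADAM and SGD algorithms on the ADFA-LD dataset
  Fig. 6 Performance comparison of the MSE and CE cost functions on the ADFA-LD dataset
  Table 1 Details of the ADFA-LD dataset [21]
  Table 2 Parameters of the MLPClassifier and dCNN models
  Table 3 Results of the seven-class experiment on the ADFA-LD dataset
  Fig. 7 Confusion matrix of the dCNN model in the seven-class experiment on the ADFA-LD test set
  Table 4 Details of the NSL-KDD dataset [22]
  Fig. 8 ROC curves of the binary classification experiment on the NSL-KDD dataset
  Table 5 Results of the binary classification experiment on NSL-KDD
  Table 6 Results of the five-class experiment on NSL-KDD
  Table 7 Model training time
  Fig. 9 Confusion matrix of the dCNN model in the five-class experiment on the NSL-KDD test set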
[1] CREECH G, HU J K. Generation of a new IDS test dataset:Time to retire the KDD collection[C]//2013 IEEE Wireless Communications and Networking Conference (WCNC). Shanghai, China, 2013:4487-4492.
[2] SHONE N, NGOC T N, PHAI V D, et al. A deep learning approach to network intrusion detection[J]. IEEE Transactions on Emerging Topics in Computational Intelligence, 2018, 2(1):41-50.
[3] YI Y A, MIN M M. An analysis of random forest algorithm based network intrusion detection system[C]//2017 18th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD). Kanazawa, Japan, 2017:127-132.
[4] SILVER D, HUANG A, MADDISON C J, et al. Mastering the game of Go with deep neural networks and tree search[J]. Nature, 2016, 529(7587):484-489.
[5] LECUN Y, BENGIO Y, HINTON G. Deep learning[J]. Nature, 2015, 521(7553):436-444.
[6] KRIZHEVSKY A, SUTSKEVER I, HINTON G E. ImageNet classification with deep convolutional neural networks[C]//Proceedings of the 25th International Conference on Neural Information Processing System. Lake Tahoe, USA:Curran Associates, 2012:1097-1105.
[7] LIANG Z, ZHANG G, HUANG J X, et al. Deep learning for health-care decision making with EMRs[C]//IEEE International Conference on Bioinformatics & Biomedicine. Washington DC, USA, 2015:556-559.
[8] LUCKOW A, COOK M, ASHCRAFT N, et al. Deep learning in the automotive industry:Applications and tools[C]//2016 IEEE International Conference on Big Data. Boston, USA, 2017:3759-3768.
[9] LEE H, KIM Y, KIM C O. A deep learning model for robust wafer fault monitoring with sensor measurement noise[J]. IEEE Transactions on Semiconductor Manufacturing, 2017, 30(1):23-31.
[10] YU Y, LONG J, CAI Z P. Session-based network intrusion detection using a deep learning architecture[M]//TORRA V, NARUKAWA Y, HONDA A, et al. Modeling decisions for artificial intelligence. Berlin, Germany:Springer, 2017:144-155.
[11] ALRAWASHDEH K, PURDY C. Toward an online anomaly intrusion detection system based on deep learning[C]//15th IEEE International Conference on Machine Learning and Application. Anaheim, USA, 2016:195-200.
[12] HINTON G E, SALAKHUTDINOV R R. Reducing the dimensionality of data with neural networks[J]. Science, 2006, 313(5786):504-507.
[13] BENGIO Y, LAMBLIN P, POPOVICI D, et al. Greedy layer-wise training of deep networks[C]//Proceedings of the 19th International Conference on Neural Information Processing System. Cambridge, USA:MIT Press, 2006, 19:153-160.
[14] KIM J, SHIN N, JO S Y, et al. Method of intrusion detection using deep neural network[C]//Proceedings of 2017 IEEE International Conference on Big Data and Smart Computing. Jeju, Republic of Korea, 2017:313-316.
[15] KINGMA D, BA J. ADAM:A method for stochastic optimization[J/OL]. (2017-01-30)[2018-05-03]. https://arxiv.org/abs/1412.6980v9.
[16] JAVAID A, NIYAZ Q, SUN W Q, et al. A deep learning approach for network intrusion detection system[C]//9th EAI International Conference on Bio-Inspired Information and Communications Technologies. New York, USA, 2015:21-26.
[17] DONG B, WANG X. Comparison deep learning method to traditional methods using for network intrusion detection[C]//8th IEEE International Conference on Communication Software and Networks. Beijing, China, 2016:581-585.
[18] HOU S F, SAAS A, CHEN L F, et al. Deep4MalDroid:A deep learning framework for Android malware detection based on linux kernel system call graphs[C]//2016 IEEE/WIC/ACM International Conference on Web Intelligence Workshops. Omaha, USA, 2017:104-111.
[19] YUAN Z L, LU Y Q, XUE Y B. Droiddetector:Android malware characterization and detection using deep learning[J]. Tsinghua Science and Technology, 2016, 21(1):114-123.
[20] SRIVASTAVA N, HINTON G, KRIZHEVSKY A, et al. Dropout:A simple way to prevent neural networks from overfitting[J]. Journal of Machine Learning Research, 2014, 15(1):1929-1958.
[21] CREECH G. ADFA-LD[Z/OL].[2018-05-03]. https://www.unsw.adfa.edu.au/unsw-canberra-cyber/cybersecurity/ADFA-IDS-Datasets/.
[22] TAVALLAEE M, BAGHERI E, LU W, et al. NSL-KDD[Z/OL].[2018-05-03]. http://www.unb.ca/cic/datasets/nsl.html.
[23] LECUN Y, BOTTOU L, BENGIO Y, et al. Gradient-based learning applied to document recognition[J]. Proceedings of the IEEE, 1998, 86(11):2278-2324.
[24] GOODFELLOW I, BENGIO Y, COURVILLE A. Deep learning[M]. Cambridge, USA:MIT Press, 2016.
[25] HINTON G E, SRIVASTAVA N, KRIZHEVSKY A, et al. Improving neural networks by preventing co-adaptation of feature detectors[J]. Computer Science, 2012, 3(4):212-223.
[26] CREECH G, HU J K. A semantic approach to host-based intrusion detection systems using contiguous and discontiguous system call patterns[J]. IEEE Transactions on Computers, 2014, 63(4):807-819.
[27] BLONDEL M, BRUCHER M, BUITINCK L, et al. Scikit-learn[Z/OL].[2018-05-03]. http://scikit-learn.org/stable/.
[28] TAVALLAEE M, BAGHERI E, LU W, et al. A detailed analysis of the KDD CUP 99 data set[C]//2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications. Ottawa, Canada, 2009:53-58.
[29] MCHUGH J. Testing intrusion detection systems:A critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory[J]. ACM Transactions on Information and System Security, 2000, 3(4):262-294.