Journal of Tsinghua University (Science and Technology)  2019, Vol. 59 Issue (1): 44-52    DOI: 10.16511/j.cnki.qhdxxb.2019.22.004
Information Security
Intrusion detection method based on a deep convolutional neural network
ZHANG Sicong¹, XIE Xiaoyao², XU Yang²
1. School of Computer Science and Technology, Guizhou University, Guiyang 550025, China;
2. Key Laboratory of Information and Computing Science of Guizhou Province, Guizhou Normal University, Guiyang 550001, China
Abstract: This paper presents an intrusion detection method based on a deep convolutional neural network (dCNN) to further improve the detection accuracy and efficiency of intrusion detection systems. The method uses deep learning techniques such as tanh, Dropout, and Softmax to design a deep intrusion detection model. It first transforms the original one-dimensional intrusion data into two-dimensional "image" data by data padding. It then uses the dCNN to learn effective features from that data and a Softmax classifier to produce the final detection result. The method was implemented with Tensorflow-GPU and evaluated on an Nvidia GTX 1060 3 GB GPU using the ADFA-LD and NSL-KDD datasets. The results show that the method reduces training time, improves detection accuracy, and lowers the false alarm rate, which enhances the real-time processing performance and detection efficiency of intrusion detection systems.
Key words: cyberspace security; deep learning; intrusion detection; convolutional neural network
Received: 2018-09-30      Published: 2019-01-16
Funding: National Natural Science Foundation of China (61461009, U1831131, U1631132); Special Fund for Central Government Guidance of Local Science and Technology Development (黔科中引地[2018]4008); Key Project of the Guizhou Province Science and Technology Cooperation Program (黔科合LH字[2015]7763)
Corresponding author: XIE Xiaoyao, Professor, E-mail: xyx@gznu.edu.cn
Cite this article:
ZHANG Sicong, XIE Xiaoyao, XU Yang. Intrusion detection method based on a deep convolutional neural network. Journal of Tsinghua University (Science and Technology), 2019, 59(1): 44-52.
Link to this article:
http://jst.tsinghuajournals.com/CN/10.16511/j.cnki.qhdxxb.2019.22.004  or  http://jst.tsinghuajournals.com/CN/Y2019/V59/I1/44
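  Fig. 1 Architecture of the dCNN-based intrusion detection method
  Fig. 2 Data transformation algorithm
  Fig. 3 Basic structure of the effective-feature self-learning module
  Fig. 4 Performance comparison of different activation functions on the ADFA-LD and NSL-KDD datasets
  Fig. 5 Performance comparison of the ADAM and SGD algorithms on the ADFA-LD dataset
  Fig. 6 Performance comparison of the MSE and CE cost functions on the ADFA-LD dataset
  Table 1 Details of the ADFA-LD dataset [21]
  Table 2 Parameters of the MLPClassifier and dCNN models
  Table 3 Results of the seven-class experiment on the ADFA-LD dataset
  Fig. 7 Confusion matrix of the dCNN model in the seven-class experiment on the ADFA-LD test set
  Table 4 Details of the NSL-KDD dataset [22]
  Fig. 8 ROC curves of the binary classification experiment on the NSL-KDD dataset
  Table 5 Results of the binary classification experiment on NSL-KDD
  Table 6 Results of the five-class experiment on NSL-KDD
  Table 7 Model training time
  Fig. 9 Confusion matrix of the dCNN model in the five-class experiment on the NSL-KDD test set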
[1] CREECH G, HU J K. Generation of a new IDS test dataset:Time to retire the KDD collection[C]//2013 IEEE Wireless Communications and Networking Conference (WCNC). Shanghai, China, 2013:4487-4492.
[2] SHONE N, NGOC T N, PHAI V D, et al. A deep learning approach to network intrusion detection[J]. IEEE Transactions on Emerging Topics in Computational Intelligence, 2018, 2(1):41-50.
[3] YI Y A, MIN M M. An analysis of random forest algorithm based network intrusion detection system[C]//2017 18th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD). Kanazawa, Japan, 2017:127-132.
[4] SILVER D, HUANG A, MADDISON C J, et al. Mastering the game of Go with deep neural networks and tree search[J]. Nature, 2016, 529(7587):484-489.
[5] LECUN Y, BENGIO Y, HINTON G. Deep learning[J]. Nature, 2015, 521(7553):436-444.
[6] KRIZHEVSKY A, SUTSKEVER I, HINTON G E. ImageNet classification with deep convolutional neural networks[C]//Proceedings of the 25th International Conference on Neural Information Processing System. Lake Tahoe, USA:Curran Associates, 2012:1097-1105.
[7] LIANG Z, ZHANG G, HUANG J X, et al. Deep learning for health-care decision making with EMRs[C]//IEEE International Conference on Bioinformatics & Biomedicine. Washington DC, USA, 2015:556-559.
[8] LUCKOW A, COOK M, ASHCRAFT N, et al. Deep learning in the automotive industry:Applications and tools[C]//2016 IEEE International Conference on Big Data. Boston, USA, 2017:3759-3768.
[9] LEE H, KIM Y, KIM C O. A deep learning model for robust wafer fault monitoring with sensor measurement noise[J]. IEEE Transactions on Semiconductor Manufacturing, 2017, 30(1):23-31.
[10] YU Y, LONG J, CAI Z P. Session-based network intrusion detection using a deep learning architecture[M]//TORRA V, NARUKAWA Y, HONDA A, et al. Modeling decisions for artificial intelligence. Berlin, Germany:Springer, 2017:144-155.
[11] ALRAWASHDEH K, PURDY C. Toward an online anomaly intrusion detection system based on deep learning[C]//15th IEEE International Conference on Machine Learning and Application. Anaheim, USA, 2016:195-200.
[12] HINTON G E, SALAKHUTDINOV R R. Reducing the dimensionality of data with neural networks[J]. Science, 2006, 313(5786):504-507.
[13] BENGIO Y, LAMBLIN P, POPOVICI D, et al. Greedy layer-wise training of deep networks[C]//Proceedings of the 19th International Conference on Neural Information Processing System. Cambridge, USA:MIT Press, 2006, 19:153-160.
[14] KIM J, SHIN N, JO S Y, et al. Method of intrusion detection using deep neural network[C]//Proceedings of 2017 IEEE International Conference on Big Data and Smart Computing. Jeju, Republic of Korea, 2017:313-316.
[15] KINGMA D, BA J. ADAM:A method for stochastic optimization[J/OL]. (2017-01-30)[2018-05-03]. https://arxiv.org/abs/1412.6980v9.
[16] JAVAID A, NIYAZ Q, SUN W Q, et al. A deep learning approach for network intrusion detection system[C]//9th EAI International Conference on Bio-Inspired Information and Communications Technologies. New York, USA, 2015:21-26.
[17] DONG B, WANG X. Comparison deep learning method to traditional methods using for network intrusion detection[C]//8th IEEE International Conference on Communication Software and Networks. Beijing, China, 2016:581-585.
[18] HOU S F, SAAS A, CHEN L F, et al. Deep4MalDroid:A deep learning framework for Android malware detection based on linux kernel system call graphs[C]//2016 IEEE/WIC/ACM International Conference on Web Intelligence Workshops. Omaha, USA, 2017:104-111.
[19] YUAN Z L, LU Y Q, XUE Y B. Droiddetector:Android malware characterization and detection using deep learning[J]. Tsinghua Science and Technology, 2016, 21(1):114-123.
[20] SRIVASTAVA N, HINTON G, KRIZHEVSKY A, et al. Dropout:A simple way to prevent neural networks from overfitting[J]. Journal of Machine Learning Research, 2014, 15(1):1929-1958.
[21] CREECH G. ADFA-LD[Z/OL].[2018-05-03]. https://www.unsw.adfa.edu.au/unsw-canberra-cyber/cybersecurity/ADFA-IDS-Datasets/.
[22] TAVALLAEE M, BAGHERI E, LU W, et al. NSL-KDD[Z/OL].[2018-05-03]. http://www.unb.ca/cic/datasets/nsl.html.
[23] LECUN Y, BOTTOU L, BENGIO Y, et al. Gradient-based learning applied to document recognition[J]. Proceedings of the IEEE, 1998, 86(11):2278-2324.
[24] GOODFELLOW I, BENGIO Y, COURVILLE A. Deep learning[M]. Cambridge, USA:MIT Press, 2016.
[25] HINTON G E, SRIVASTAVA N, KRIZHEVSKY A, et al. Improving neural networks by preventing co-adaptation of feature detectors[J]. Computer Science, 2012, 3(4):212-223.
[26] CREECH G, HU J K. A semantic approach to host-based intrusion detection systems using contiguous and discontiguous system call patterns[J]. IEEE Transactions on Computers, 2014, 63(4):807-819.
[27] BLONDEL M, BRUCHER M, BUITINCK L, et al. Scikit-learn[Z/OL].[2018-05-03]. http://scikit-learn.org/stable/.
[28] TAVALLAEE M, BAGHERI E, LU W, et al. A detailed analysis of the KDD CUP 99 data set[C]//2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications. Ottawa, Canada, 2009:53-58.
[29] MCHUGH J. Testing intrusion detection systems:A critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory[J]. ACM Transactions on Information and System Security, 2000, 3(4):262-294.