Journal of Tsinghua University (Science and Technology)  2019, Vol. 59 Issue (7): 523-529    DOI: 10.16511/j.cnki.qhdxxb.2018.25.061
Computer Science and Technology
One-hot encoding and convolutional neural network based anomaly detection
LIANG Jie¹, CHEN Jiahao², ZHANG Xueqin², ZHOU Yue², LIN Jiajun²
1. China Information Security Certification Center, Beijing 100085, China;
2. College of Information Science and Engineering, East China University of Science and Technology, Shanghai 200237, China
Abstract: Deep learning based network anomaly detection is a new research direction in intrusion detection, but most studies perform feature learning and classification on feature data that has already been processed by data mining. This paper uses UNSW-NB15 as its main dataset. The raw network packets in the dataset are encoded with one-hot encoding and reshaped into two-dimensional data, the GoogLeNet network is used for feature extraction and learning, and a classifier model is then trained for detection. Experimental results show that this method can effectively process raw network packets and detect network attacks, with a detection accuracy over 99%, which is higher than that of deep learning detection methods based on preprocessed feature data.
Key words: network anomaly detection    convolutional neural network (CNN)    one-hot encoding    UNSW-NB15 dataset
Received: 2018-08-18      Published: 2019-06-21
Funding: National Natural Science Foundation of China (U1536119)
Cite this article:
LIANG Jie, CHEN Jiahao, ZHANG Xueqin, ZHOU Yue, LIN Jiajun. One-hot encoding and convolutional neural network based anomaly detection. Journal of Tsinghua University (Science and Technology), 2019, 59(7): 523-529.
Link to this article:
http://jst.tsinghuajournals.com/CN/10.16511/j.cnki.qhdxxb.2018.25.061  or  http://jst.tsinghuajournals.com/CN/Y2019/V59/I7/523
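  Fig. 1 CNN structure
  Fig. 2 Inception V1 structure
  Fig. 3 One-hot encoding conversion of a data packet
  Fig. 4 Two-dimensional sparse image of packet content after one-hot encoding
  Fig. 5 Technical roadmap of ROG-based anomaly detection
  Table 1 Features of the UNSW-NB15 dataset
  Table 2 Number of samples in the UNSW-NB15 training set (including the validation set)
  Table 3 Number of samples in the UNSW-NB15 test set
  Table 4 Comparison experiment of the Raw-OHE and Reduce-OHE methods
  Table 5 Comparison experiment of CNN network models
  Table 6 Comparison experiment of ROG and other deep learning algorithms
  Fig. 6 ROC curves of the 3 classification models
  Table 7 ROG multi-class classification experiment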