Information Security

Intrusion detection method based on a deep convolutional neural network

  • ZHANG Sicong,
  • XIE Xiaoyao,
  • XU Yang
  • 1. School of Computer Science and Technology, Guizhou University, Guiyang 550025, China;
    2. Key Laboratory of Information and Computing Science of Guizhou Province, Guizhou Normal University, Guiyang 550001, China

Received date: 2018-09-30

Online published: 2019-01-16

Funding

National Natural Science Foundation of China (61461009, U1831131, U1631132); Special Fund for Central Government Guidance of Local Science and Technology Development (黔科中引地[2018]4008); Key Project of the Guizhou Provincial Science and Technology Cooperation Program (黔科合LH字[2015]7763)

Abstract

This paper presents an intrusion detection method based on a deep convolutional neural network (dCNN) to further improve the detection accuracy and efficiency of intrusion detection systems. The method uses deep learning techniques such as tanh, Dropout, and Softmax to design a deep intrusion detection model. It first transforms the one-dimensional raw intrusion data into two-dimensional "image" data using data padding. It then uses the dCNN to learn effective features from that data and a Softmax classifier to generate the final detection result. The method was implemented with Tensorflow-GPU and evaluated on an Nvidia GTX 1060 3 GB GPU using the ADFA-LD and NSL-KDD datasets. The results show that the method reduces training time, improves detection accuracy, and lowers the false alarm rate, which enhances the real-time processing performance and detection efficiency of intrusion detection systems.

Cite this article

ZHANG Sicong, XIE Xiaoyao, XU Yang. Intrusion detection method based on a deep convolutional neural network[J]. Journal of Tsinghua University (Science and Technology), 2019, 59(1): 44-52. DOI: 10.16511/j.cnki.qhdxxb.2019.22.004
