计算机应用 ›› 2017, Vol. 37 ›› Issue (6): 1636-1643.DOI: 10.11772/j.issn.1001-9081.2017.06.1636

• 网络空间安全 • 上一篇    下一篇

基于优化数据处理的深度信念网络模型的入侵检测方法

陈虹, 万广雪, 肖振久   

  1. 辽宁工程技术大学 软件学院, 辽宁 葫芦岛 125105
  • 收稿日期:2016-11-04 修回日期:2016-12-26 出版日期:2017-06-10 发布日期:2017-06-14
  • 通讯作者: 万广雪
  • 作者简介:陈虹(1967-),女,辽宁阜新人,副教授,硕士,CCF会员,主要研究方向:信息安全;万广雪(1992-),女,辽宁大连人,硕士研究生,主要研究方向:信息安全、深度学习;肖振久(1968-),男,内蒙宁城人,副教授,硕士,CCF会员,主要研究方向:信息安全。
  • 基金资助:
    辽宁省教育厅科学技术研究项目(LJYL052)。

Intrusion detection method of deep belief network model based on optimization of data processing

CHEN Hong, WAN Guangxue, XIAO Zhenjiu   

  1. School of Software, Liaoning Technical University, Huludao Liaoning 125105, China
  • Received:2016-11-04 Revised:2016-12-26 Online:2017-06-10 Published:2017-06-14
  • Supported by:
    This work is partially supported by the Science and Technology Research Project of Liaoning Education Department (LJYL052).

摘要: 针对目前网络中存在的对已知攻击类型的入侵检测具有较高的检测率,但对新出现的攻击类型难以识别的缺陷问题,提出了一种基于优化数据处理的深度信念网络(DBN)模型的入侵检测方法。该方法在不破坏已学习过的知识和不严重影响检测实时性的基础上,分别对数据处理和方法模型进行改进,以解决上述问题。首先,将经过概率质量函数(PMF)编码和MaxMin归一化处理的数据应用于DBN模型中;然后,通过固定其他参数不变而变化一种参数和交叉验证的方式选择相对最优的DBN结构对未知攻击类型进行检测;最后,在NSL-KDD数据集上进行了验证。实验结果表明,数据的优化处理能够使DBN模型提高分类精度,基于DBN的入侵检测方法具有良好的自适应性,对未知样本具有较高的识别能力。在检测实时性上,所提方法与支持向量机(SVM)算法和反向传播(BP)网络算法相当。

关键词: 入侵检测, 优化数据处理, 深度学习, 深度信念网络, 未知攻击检测

Abstract: Those well-known types of intrusions can be detected with higher detection rate in the network at present, but it is very difficult to detect those new unknown types of network intrusions. In order to solve the problem, a network intrusion detection method of Deep Belief Network (DBN) model based on optimization of data processing was proposed. The data processing and method model were improved respectively without destroying the existing knowledge and increasing detection time seriously to solve the above problem. Firstly, the data processed by Probability Mass Function (PMF) encoding and MaxMin normalization was applied to the DBN model. Then, the relatively optimal DBN structure was selected through fixing other parameters, changing a parameter and the cross validation. Finally, the proposed method was tested on the benchmark NSL-KDD dataset. The experimental results show that, the optimization of data processing can improve the classification accuracy of the DBN model, the proposed intrusion detection method based on DBN has good adaptability and higher recognition ability of unknown samples. The detection time of DBN algorithm is similar to that of Support Vector Machine (SVM) algorithm and Back Propagation (BP) neural network model.

Key words: intrusion detection, optimization of data processing, deep learning, Deep Belief Network (DBN), unknown attack detection

中图分类号: