基于混合卷积神经网络和循环神经网络的入侵检测模型

doi:10.11772/j.issn.1001-9081.2018030710

计算机应用 ›› 2018, Vol. 38 ›› Issue (10): 2903-2907.DOI: 10.11772/j.issn.1001-9081.2018030710

基于混合卷积神经网络和循环神经网络的入侵检测模型

方圆¹, 李明¹, 王萍¹, 江兴何², 张信明²

1. 国家电网安徽省电力有限公司信息通信分公司, 合肥 230061;
2. 中国科学技术大学计算机科学与技术学院, 合肥 230027

收稿日期:2018-04-08 修回日期:2018-06-04 发布日期:2018-10-13 出版日期:2018-10-10
通讯作者: 张信明
作者简介:方圆(1983-),男,安徽黄山人,工程师,硕士,主要研究方向:信息安全;李明(1971-),男,安徽合肥人,高级工程师,主要研究方向:信息安全;王萍(1975-),女,安徽桐城人,高级工程师,主要研究方向:信息安全;江兴何(1993-),男,安徽亳州人,硕士研究生,主要研究方向:深度学习;张信明(1964-),男,安徽天长人,教授,博士,CCF高级会员,主要研究方向:无线网络、大数据、智能电网。
基金资助:
国家重点研发计划项目（017YFC0804402）。

Intrusion detection model based on hybrid convolutional neural network and recurrent neural network

FANG Yuan¹, LI Ming¹, WANG Ping¹, JIANG Xinghe², ZHANG Xinming²

1. Division of Information Communication, State Grid Anhui Electric Power Company Limited, Hefei Anhui 230061, China;
2. School of Computer Science and Technology, University of Science and Technology of China, Hefei Anhui 230027, China

Received:2018-04-08 Revised:2018-06-04 Online:2018-10-13 Published:2018-10-10
Supported by:
This work is partially supported by National Key Research and Development Program of China (017YFC0804402).

摘要/Abstract

摘要： 针对电力信息网络中的高级持续性威胁问题，提出一种基于混合卷积神经网络（CNN）和循环神经网络（RNN）的入侵检测模型。该模型根据网络数据流量的统计特征对当前网络状态进行分类。首先，获取日志文件中网络流量的各统计值，进行特征编码、归一化等预处理工作；然后，通过深度卷积神经网络中可变卷积核提取不同主机入侵流量之间空间相关特征；最后，将已经处理好的包含空间相关特征的数据在时间上错开排列，利用深度循环神经网络挖掘入侵流量的时间相关特征。实验结果表明，该模型相对于传统的机器学习模型在曲线下方的面积（AUC）上提升了7.5%~14.0%，同时误报率降低了83.7%~52.7%。所提模型能准确地识别网络流量的类别，大幅降低误报率。

关键词: 高级持续性威胁, 网络流量, 卷积神经网络, 循环神经网络

Abstract: Aiming at the problem of advanced persistent threats in power information networks, a hybrid Convolutional Neural Network (CNN) and Recurrent Neural Network (RNN) intrusion detection model was proposed, by which current network states were classified according to various statistical characteristics of network traffic. Firstly, pre-processing works such as feature encoding and normalization were performed on the network traffic obtained from log files. Secondly, spatial correlation features between different hosts' intrusion traffic were extracted by using deformable convolution kernels in CNN. Finally, the processed data containing spatial correlation features were staggered in time, and the temporal correlation features of the intrusion traffic were mined by RNN. The experimental results showed that the Area Under Curve (AUC) of the model was increased by 7.5% to 14.0% compared to traditional machine learning models, and the false positive rate was reduced by 83.7% to 52.7%. It indicates that the proposed model can accurately identify the type of network traffic and significantly reduce the false positive rate.

Key words: advanced persistent threat, network traffic, convolutional neural network, recurrent neural network

中图分类号:

TP391

方圆, 李明, 王萍, 江兴何, 张信明. 基于混合卷积神经网络和循环神经网络的入侵检测模型[J]. 计算机应用, 2018, 38(10): 2903-2907.

FANG Yuan, LI Ming, WANG Ping, JIANG Xinghe, ZHANG Xinming. Intrusion detection model based on hybrid convolutional neural network and recurrent neural network[J]. Journal of Computer Applications, 2018, 38(10): 2903-2907.

参考文献

[1] HU P, LI H, FU H, et al. Dynamic defense strategy against advanced persistent threat with insiders[C]//INFOCOM 2015:Proceedings of the 2015 IEEE Conference on Computer Communications. Piscataway, NJ:IEEE, 2015:747-755.
[2] LIANG G, WELLERS R, ZHAO J, et al. The 2015 Ukraine blackout:implications for false data injection attacks[J]. IEEE Transactions on Power Systems, 2017, 32(4):3317-3318.
[3] 付钰, 李洪成, 吴晓平, 等. 基于大数据分析的APT攻击检测研究综述[J]. 通信学报, 2015, 36(11):1-14. (FU Y, LI H C, WU X P, et al. Detecting APT attacks:a survey from the perspective of big data analysis[J]. Journal on Communications, 2015, 36(11):1-14.)
[4] DASH S K, REDDY K S, PUJARI A K. Adaptive Naive Bayes method for masquerade detection[J]. Security and Communication Networks, 2011, 4(4):410-417.
[5] PERVEZ M S, FARID D M. Feature selection and intrusion classification in NSL-KDD cup 99 dataset employing SVMs[C]//SKIMA 2014:Proceedings of the 20148th International Conference on Software, Knowledge, Information Management and Applications. Piscataway, NJ:IEEE, 2014:1-6.
[6] CAMACHO J, PEREZ-VILLEGAS A, GARCIA-TEODORO P, et al. PCA-based multivariate statistical network monitoring for anomaly detection[J]. Computers & Security, 2016, 59:118-137.
[7] CHEN P, DESMET L, HUYGENS C. A study on advanced persistent threats[C]//CMS 2014:Proceedings of the 2014 IFIP International Conference on Communications and Multimedia Security. Berlin:Springer, 2014:63-72.
[8] KDD cup 1999 data[EB/OL].[2018-01-20]. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html.
[9] LECUN Y, BOTTOU L, BENGIO Y, et al. Gradient-based learning applied to document recognition[J]. Proceedings of the IEEE, 1998, 86(11):2278-2324.
[10] GRAVES A, MOHAMED A, HINTON G. Speech recognition with deep recurrent neural networks[C]//ICASSP 2013:Proceedings of the 38th IEEE International Conference on Acoustics, Speech and Signal Processing. Piscataway, NJ:IEEE, 2013:6645-6649.
[11] CHUNG J, GULCEHRE C, CHO K H, et al. Empirical evaluation of gated recurrent neural networks on sequence modeling[EB/OL].[2018-01-10]. https://arxiv.org/abs/1412.3555.
[12] DAI J, QI H, XIONG Y, et al. Deformable convolutional networks[EB/OL].[2018-01-10]. http://openaccess.thecvf.com/content_ICCV_2017/papers/Dai_Deformable_Convolutional_Networks_ICCV_2017_paper.pdf.
[13] ABADI M, BARHAM P, CHEN J, et al. TensorFlow:a system for large-scale machine learning[C]//OSDI 2016:Proceedings of the 12th USENIX Conference on Operating Systems Design and Implementation. Berkeley:USENIX Association, 2016:265-283.
[14] Mila parkour. (2013) Contagio malware database[EB/OL].[2018-01-26]. https://www.mediafire.com/folder/c2az029ch6cke/TRAFFIC_PATTERNS_COLLECTION#734479hwy1b97.
[15] Predict. (2009) DARPA Scalable Network Monitoring (SNM) Program Traffic[EB/OL].[2018-01-26]. https://ant.isi.edu/datasets/readmes/DARPA_Scalable_Network_Monitoring-20091103.README.txt.

基于混合卷积神经网络和循环神经网络的入侵检测模型

Intrusion detection model based on hybrid convolutional neural network and recurrent neural network

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	秦璟, 秦志光, 李发礼, 彭悦恒. 基于概率稀疏自注意力神经网络的重性抑郁疾患诊断[J]. 《计算机应用》唯一官方网站, 2024, 44(9): 2970-2974.
[2]	李云, 王富铕, 井佩光, 王粟, 肖澳. 基于不确定度感知的帧关联短视频事件检测方法[J]. 《计算机应用》唯一官方网站, 2024, 44(9): 2903-2910.
[3]	陈虹, 齐兵, 金海波, 武聪, 张立昂. 融合1D-CNN与BiGRU的类不平衡流量异常检测[J]. 《计算机应用》唯一官方网站, 2024, 44(8): 2493-2499.
[4]	张春雪, 仇丽青, 孙承爱, 荆彩霞. 基于两阶段动态兴趣识别的购买行为预测模型[J]. 《计算机应用》唯一官方网站, 2024, 44(8): 2365-2371.
[5]	赵宇博, 张丽萍, 闫盛, 侯敏, 高茂. 基于改进分段卷积神经网络和知识蒸馏的学科知识实体间关系抽取[J]. 《计算机应用》唯一官方网站, 2024, 44(8): 2421-2429.
[6]	高阳峄, 雷涛, 杜晓刚, 李岁永, 王营博, 闵重丹. 基于像素距离图和四维动态卷积网络的密集人群计数与定位方法[J]. 《计算机应用》唯一官方网站, 2024, 44(7): 2233-2242.
[7]	王东炜, 刘柏辰, 韩志, 王艳美, 唐延东. 基于低秩分解和向量量化的深度网络压缩方法[J]. 《计算机应用》唯一官方网站, 2024, 44(7): 1987-1994.
[8]	沈君凤, 周星辰, 汤灿. 基于改进的提示学习方法的双通道情感分析模型[J]. 《计算机应用》唯一官方网站, 2024, 44(6): 1796-1806.
[9]	黄梦源, 常侃, 凌铭阳, 韦新杰, 覃团发. 基于层间引导的低光照图像渐进增强算法[J]. 《计算机应用》唯一官方网站, 2024, 44(6): 1911-1919.
[10]	李健京, 李贯峰, 秦飞舟, 李卫军. 基于不确定知识图谱嵌入的多关系近似推理模型[J]. 《计算机应用》唯一官方网站, 2024, 44(6): 1751-1759.
[11]	姚迅, 秦忠正, 杨捷. 生成式标签对抗的文本分类模型[J]. 《计算机应用》唯一官方网站, 2024, 44(6): 1781-1785.
[12]	孙敏, 成倩, 丁希宁. 基于CBAM-CGRU-SVM的Android恶意软件检测方法[J]. 《计算机应用》唯一官方网站, 2024, 44(5): 1539-1545.
[13]	高文烁, 陈晓云. 基于节点结构的点云分类网络[J]. 《计算机应用》唯一官方网站, 2024, 44(5): 1471-1478.
[14]	席治远, 唐超, 童安炀, 王文剑. 基于双路时空网络的驾驶员行为识别[J]. 《计算机应用》唯一官方网站, 2024, 44(5): 1511-1519.
[15]	陈天华, 朱家煊, 印杰. 基于注意力机制的鸟类识别算法[J]. 《计算机应用》唯一官方网站, 2024, 44(4): 1114-1120.