Journal of Computer Applications ›› 2021, Vol. 41 ›› Issue (5): 1372-1377.DOI: 10.11772/j.issn.1001-9081.2020071082

Special Issue: 网络空间安全

• Cyber security • Previous Articles     Next Articles

Intrusion detection model based on combination of dilated convolution and gated recurrent unit

ZHANG Quanlong, WANG Huaibin   

  1. School of Computer Science and Engineering, Tianjin University of Technology, Tianjin 300384, China
  • Received:2020-07-23 Revised:2020-09-05 Online:2021-05-10 Published:2020-10-19
  • Supported by:
    This work is partially supported by the National Natural Science Foundation of China (61773286).


张全龙, 王怀彬   

  1. 天津理工大学 计算机科学与工程学院, 天津 300384
  • 通讯作者: 王怀彬
  • 作者简介:张全龙(1994-),男,安徽宿州人,硕士研究生,CCF会员,主要研究方向:网络信息安全;王怀彬(1960-),男,天津人,教授,博士生导师,主要研究方向:网络信息安全、计算机软件。
  • 基金资助:

Abstract: Intrusion detection model based on machine learning plays a vital role in the security protection of network environment. Aiming at the problem that the existing network intrusion detection model cannot fully learn the data features of network intrusion, the deep learning theory was applied to intrusion detection, and a deep network model with automatic feature extraction function was proposed. In this model, the dilated convolution was used to increase the receptive field of information and extract high-level features from it, the Gated Recurrent Unit (GRU) model was used to extract long-term dependencies between retained features, then the Deep Neural Network (DNN) was used to fully learn the data features. Compared with the classical machine learning classifier, this model has a higher detection rate. Experiments conducted on the famous KDD CUP99, NSL-KDD and UNSW-NB15 datasets show that the model has the performance better than other classifiers. Specifically, the model has the accuracy of 99.78% on KDD CUP99 dataset, the accuracy of 99.53% on NSL-KDD dataset, and the accuracy of 93.12% on UNSW-NB15 dataset.

Key words: network intrusion detection model, deep learning, gated recurrent unit, dilated convolution, network security

摘要: 基于机器学习的入侵检测模型在网络环境的安全保护中起着至关重要的作用。针对现有的网络入侵检测模型不能够对网络入侵数据特征进行充分学习的问题,将深度学习理论应用于入侵检测,提出了一种具有自动特征提取功能的深度网络模型。在该模型中,使用膨胀卷积来增大对信息的感受野并从中提取高级特征,使用门控循环单元(GRU)模型提取保留特征之间的长期依赖关系,再利用深层神经网络(DNN)对数据特征进行充分学习。与经典的机器学习分类器相比,该模型具有较高的检测率。在著名的KDD CUP99、NSL-KDD和UNSW-NB15数据集上进行的实验表明,该模型具有由于其他分类器的性能。具体来说,该模型在KDD CUP99数据集上的准确率为99.78%,在NSL-KDD数据集上的准确率为99.53%,在UNSW-NB15数据集上的准确率为93.12%。

关键词: 网络入侵检测模型, 深度学习, 门控循环单元, 膨胀卷积, 网络安全

CLC Number: