Journal of Computer Applications ›› 2024, Vol. 44 ›› Issue (8): 2493-2499.DOI: 10.11772/j.issn.1001-9081.2023081112
• Cyber security •
Hong CHEN, Bing QI, Haibo JIN, Cong WU, Li’ang ZHANG
Received: 2023-08-18
Revised: 2023-10-24
Accepted: 2023-11-14
Online: 2023-12-18
Published: 2024-08-10
Contact: Bing QI
About author: CHEN Hong, born in 1967 in Fuxin, Liaoning, M. S., associate professor, CCF member. Her research interests include information security, network security.
Hong CHEN, Bing QI, Haibo JIN, Cong WU, Li’ang ZHANG. Class-imbalanced traffic abnormal detection based on 1D-CNN and BiGRU[J]. Journal of Computer Applications, 2024, 44(8): 2493-2499.
URL: https://www.joca.cn/EN/10.11772/j.issn.1001-9081.2023081112
Category | Count | Category | Count |
---|---|---|---|
Total | 257 673 | ||
Normal | 93 000 | Fuzzers | 24 246 |
Analysis | 2 677 | Generic | 58 871 |
Backdoors | 2 329 | Reconnaissance | 13 987 |
DoS | 16 353 | Shellcode | 1 511 |
Exploits | 44 525 | Worms | 174 |
Tab. 1 UNSW-NB15 dataset category distribution
Kernel size | Accuracy/% | False alarm rate/% |
---|---|---|
1 | 97.81 | 1.78 |
3 | 98.12 | 1.28 |
5 | 98.06 | 1.54 |
Tab. 3 Selection of one-dimensional convolution kernel size
Sampling method | Accuracy/% | Precision/% | Recall/% | F1 score/% | False alarm rate/% | Training time/s | Testing time/s |
---|---|---|---|---|---|---|---|
SMOTE | 79.38 | 79.61 | 79.38 | 79.50 | 1.39 | 387.39 | 53.47 |
ROS | 73.87 | 84.94 | 73.87 | 79.02 | 1.52 | 427.89 | 67.81 |
Borderline-SMOTE+RUS | 96.25 | 98.27 | 96.25 | 97.25 | 1.39 | 47.37 | 15.10 |
Borderline-SMOTE+GMM | 96.54 | 98.30 | 96.54 | 97.41 | 1.33 | 48.59 | 16.39 |
Proposed method | 98.12 | 98.38 | 96.87 | 97.62 | 1.28 | 48.66 | 16.71 |
Tab. 4 Performance comparison of different sampling methods
Category | Detection rate before data balancing | Detection rate after data balancing |
---|---|---|
Normal | 100 | 98.84 |
Generic | 98 | 98.21 |
Exploits | 84 | 54.07 |
Fuzzers | 39 | 69.62 |
DoS | 3 | 39.48 |
Reconnaissance | 74 | 82.76 |
Analysis | 0 | 37.34 |
Backdoors | 6 | 20.84 |
Shellcode | 3 | 82.13 |
Worms | 0 | 81.63 |
Tab. 5 Detection rates of multi-class classification for UNSW-NB15 dataset
Pooling layer | Accuracy | False alarm rate | F1 score |
---|---|---|---|
MaxPool | 96.54 | 1.76 | 96.12 |
AvgPool | 95.71 | 2.39 | 95.02 |
SoftPool | 98.12 | 1.28 | 97.62 |
Tab. 6 Performance of different pooling layers
Model | Accuracy | Precision | Recall | F1-score |
---|---|---|---|---|
Random forest | 85.41 | 84.00 | 84.45 | 84.22 |
1D-CNN | 94.11 | 93.10 | 90.10 | 91.57 |
BiGRU | 94.23 | 84.94 | 73.87 | 79.02 |
WaveNet-BiGRU | 96.98 | 95.13 | 96.76 | 95.94 |
CNN-BiLSTM | 96.84 | 95.23 | 95.76 | 95.87 |
Proposed method | 98.12 | 98.38 | 97.23 | 97.62 |
Tab. 7 Performance comparison of anomaly detection among various models