Journal of Computer Applications ›› 2019, Vol. 39 ›› Issue (3): 769-773.DOI: 10.11772/j.issn.1001-9081.2018071627

Previous Articles     Next Articles

Intrusion detection based on improved sparse denoising autoencoder

GUO Xudong, LI Xiaomin, JING Ruxue, GAO Yuzhuo   

  1. College of Information Engineering, Ningxia University, Yinchuan Ningxia 750000, China
  • Received:2018-08-06 Revised:2018-09-12 Online:2019-03-10 Published:2019-03-11
  • Contact: 高玉琢
  • Supported by:
    This work is partially supported by the National Natural Science Foundation of China (71561023).

基于改进的稀疏去噪自编码器的入侵检测

郭旭东, 李小敏, 敬如雪, 高玉琢   

  1. 宁夏大学 信息工程学院, 银川 750000
  • 作者简介:郭旭东(1993-),男,陕西榆林人,硕士研究生,CCF会员,主要研究方向:机器学习、计算机网络、信息安全;李小敏(1991-),女,陕西宝鸡人,硕士研究生,CCF会员,主要研究方向:计算机网络、信息安全;敬如雪(1993-),女,甘肃庆阳人,硕士研究生,主要研究方向:计算机网络、信息安全;高玉琢(1961-),男,内蒙古赤峰人,教授,博士,主要研究方向:信息安全、大数据。
  • 基金资助:
    国家自然科学基金资助项目(71561023)。

Abstract: In order to solve the problem that traditional intrusion detection methods can not effectively solve instrusion data in high-dimensional networks, an intrusion detection method based on Stacked Sparse Denosing Autoencoder (SSDA) network was proposed. Firstly, SSDA was used to perform dimensionality reduction on the intrusion data. Then, the highly abstracted low-dimensional data was used as input data of softmax classifier to realize intrusion detection. Finally, in order to improve original intrusion data decoding ability of the network and intrusion detection ability of the model, an Improved model based on SSDA (ISSDA) was proposed, with new constraints added to the autoencoder. The experimental results show that compared with SSDA, ISSAD's detection accuracy of four types of attacks was improved by about 5%, and the false positive rate of ISSAD was also effectively reduced.

Key words: autoencoder network, sparse denoising, intrusion detection, feature reduction, softmax

摘要: 针对传统浅层的入侵检测方法无法有效解决高维网络入侵数据的问题,提出了一种基于堆叠稀疏去噪自编码器(SSDA)的入侵检测方法。首先,利用SSDA对入侵数据进行降维操作;然后,将高度抽象后的低维数据作为输入,利用softmax分类器进行入侵检测;最后,又在SSDA方法的基础之上提出了一种改进模型(ISSDA),即在传统稀疏去噪自编码器的基础上增加新的约束条件,以此来提高深度网络对原始入侵数据的解码能力以及模型的入侵检测性能。实验结果证明,ISSDA方法与SSDA方法相比,对4种类型的攻击的检测准确率提高了将近5%,也有效地降低了误报率。

关键词: 自编码网络, 稀疏去噪, 入侵检测, 特征降维, softmax

CLC Number: