一种基于LMDR和CNN的混合入侵检测模型

doi:10.3969/j.issn.1671-1122.2020.09.024

信息网络安全 ›› 2020, Vol. 20 ›› Issue (9): 117-121.doi: 10.3969/j.issn.1671-1122.2020.09.024

一种基于LMDR和CNN的混合入侵检测模型

李桥¹^,², 龙春¹^,²(), 魏金侠², 赵静²

1. 中国科学院大学,北京101408
2. 中国科学院计算机网络信息中心,北京 100080

收稿日期:2020-07-16 出版日期:2020-09-10 发布日期:2020-10-15
通讯作者: 龙春 E-mail:anquanip@cnic.cn
作者简介:李桥（1991—）,男,天津,硕士研究生,主要研究方向为网络空间安全|龙春（1979—）,男,湖北,高级工程师,博士,主要研究方向为网络空间安全|魏金霞（1987—）,女,河北,高级工程师,博士,主要研究方向为网络空间安全|赵静（1987—）,女,甘肃,高级工程师,博士,主要研究方向为网络空间安全
基金资助:
中国科学院信息化专项(XXH13507);中国科学院信息化专项(XXH13513-07)

A Hybrid Model of Intrusion Detection Based on LMDR and CNN

LI Qiao¹^,², LONG Chun¹^,²(), WEI Jinxia², ZHAO Jing²

1. University of Chinese Academy of Sciences, Beijing 101408, China
2. Computer Network Information Center, Chinese Academy of Sciences, Beijing 100080, China

Received:2020-07-16 Online:2020-09-10 Published:2020-10-15
Contact: Chun LONG E-mail:anquanip@cnic.cn

摘要/Abstract

摘要：

随着网络安全技术的飞速发展和大数据技术的广泛应用,传统的机器学习模型已难以满足大数据环境下高效入侵检测的要求。针对原始数据集特征不够明显的情况,利用卷积神经网络进行大数据特征提取与数据分析的优势,文章提出一种基于对数边际密度比（Logarithm Marginal Density Ratio,LMDR）和卷积神经网络(Convotional Neural Network,CNN)的混合入侵检测模型。该模型相较于现有传统的机器学习算法和神经网络模型,能够更充分挖掘数据特征间的联系,有效提高分类准确率并降低误报率。

关键词: 入侵检测, 对数边际密度比（LMDR）, 卷积神经网络（CNN）, 数据挖掘

Abstract:

With the rapid development of network security technology and the big data technology, the traditional machine learning model has been difficult to meet the requirements of efficient intrusion detection in big data environment. For this reason, considering the advantages of convolutional neural network in feature extraction and data analysis, this paper proposed a mixed intrusion detection model based on logarithm marginal density ratio and convolutional neural network in view of the fact that the characteristics of the original dataset was not obvious enough. Compared with the traditional machine learning algorithm and neural network model, our hybrid model can make full use of the relationship between features for feature enhancement, and effectively improve the classification accuracy and reduce the false alarm rate.

Key words: intrusion detection, logarithm marginal density ratio, convotional neural network, data mining

中图分类号:

TP309

李桥, 龙春, 魏金侠, 赵静. 一种基于LMDR和CNN的混合入侵检测模型[J]. 信息网络安全, 2020, 20(9): 117-121.

LI Qiao, LONG Chun, WEI Jinxia, ZHAO Jing. A Hybrid Model of Intrusion Detection Based on LMDR and CNN[J]. Netinfo Security, 2020, 20(9): 117-121.

图/表 4

参考文献 14

[1]	CHEN Lei, YUAN Yuan. Image Recognition of Agricultural Diseases Based on Deep Transfer Learning[J]. Frontiers of Data & Computing, 2020,2(2):111-119.
	陈雷, 袁媛. 基于深度迁移学习的农业病害图像识别[J]. 数据与计算发展前沿, 2020,2(2):111-119.
[2]	RAFFIE Z. A Mohd, MEGAT F. Zuhairi, AKIMI Z. A Shadil, et al. Anomaly-based NIDS: A Review of Machine Learning Methods on Malware Detection[C]// IEEE. 2017 International Conference on Information and Communication Technology Convergence,October 18-20, 2017, Jeju Island, Korea. New York: IEEE, 2017: 266-270.
[3]	LEVENT Koc, THOMAS A, Mazzuchi. A Network Intrusion Detection System Based on a Hidden Naive Bayes Multiclass Classifier[J]. Expert Systems with Application, 2012,39(18):13492-13500. doi: 10.1016/j.eswa.2012.07.009 URL
[4]	AN Wenjuan, LIANG Mangui. A New Intrusion Detection Method based on SVM with Minimum Within-class Scatter[J]. Security and Communication Networks, 2013,6(9):1-11. doi: 10.1002/sec.v6.1 URL
[5]	SIVA S, SIVATHA Sindhu, S. Geetha, et al. Decision Tree Based Light Weight Intrusion Detection Using a Wrapper Approach[J]. Expert Systems with Applications, 2012,39(1):129-141. doi: 10.1016/j.eswa.2011.06.013 URL
[6]	ARUNA Jamdagni, TAN Zhiyuan, HE Xiangjian, et al. RePIDS: A Multi Tier Real-time Payload-based Intrusion Detection System[J]. Computer Networks, 2013,57(3):811-824. doi: 10.1016/j.comnet.2012.10.002 URL
[7]	HINTON G, SALAKHUTDINOV R. Reducing the Dimensionality of Data with Neural Networks[J]. Science, 2006,313(5786):504-507. doi: 10.1126/science.1127647 URL pmid: 16873662
[8]	MATIN W, NASIM Z, AHMED N, et al. Artificial Neural Network based System for Intrusion Detection using Clustering on Different Feature Selection[J]. International Journal of Computer Applications, 2015,126(12):21-28.
[9]	LIN Steven Z, SHI Yong, XUE Zhi. Character-level Intrusion Detection based on Convolutional Neural Networks[C]// IEEE. 2018 International Joint Conference on Neural Networks (IJCNN), July 8-13, 2018, Rio de Janeiro, Brazil. New York: IEEE, 2018: 1-8.
[10]	LISEHROODI, MAZYAR Mohammadi, MUDA, et al. A Hybrid Framework based on Neural Network MLP and Means Clustering for Intrusion Detection System[C]// IEEE. 4th International Conference on Computing and Informatics(ICOCI), August 28-30, 2013,Sarawak, Malaysia. NewYork: IEEE, 2013: 305-311.
[11]	YU Yizhou, MA Jiechao, SHI Dejun, et al. Application of Deep Learning in Medical Imaging Analysis: A Survey[J]. Frontiers of Data & Computing, 2019,1(2):37-52.
	俞益洲, 马杰超, 石德君, 等. 深度学习在医学影像分析中的应用综述[J]. 数据与计算发展前沿, 2019,1(2):37-52.
[12]	CHEN L S, SYU J S. Feature Extraction based Approaches for Improving the Performance of Intrusion Detection Systems[C]// International Association of Engineers. The International Multiconference of Engineers and Computer Scientists, March 18-20, 2015, Hong Kong,China. United Kingdom: IET INSPEC, 2015: 1-6.
[13]	FAN Jianqing, FENG Yan, JIANG Jianchen, et al. Feature Augmentation via Nonparametrics and Selection (FANS) in High-Dimensional Classification[J]. Journal of the American Statistical Association, 2016,111(513):275-287. doi: 10.1080/01621459.2015.1005212 URL pmid: 27185970
[14]	REVATHI S, MALATHI A. A Detailed Analysis on NSL-KDD Dataset Using Various Machine Learning Techniques for Intrusion Detection[J]. International Journal of Engineering Research & Technology, 2013,2(13):1848-1853.

	Accuracy/%	DR/%	FAR/%
SVM	96.75	92.97	1.48
随机森林	99.06	98.76	0.45
朴素贝叶斯	93.35	90.29	2.58
LMDRT-SVM	99.31	99.20	0.6
LMDR-CNN(9*9)	99.49	99.41	0.39

	Accuracy/%	DR/%	FAR/%
CNN(1×41)	98.07	97.79	1.70
CNN(RF,9×9)	99.03	98.98	0.73
LMDR-CNN(1×41)	99.09	98.99	0.45
LMDR-CNN(RF,9×9)	99.49	99.41	0.39

[1]	徐国天. 网络入侵检测中K近邻高速匹配算法研究[J]. 信息网络安全, 2020, 20(8): 71-80.
[2]	姜楠, 崔耀辉, 王健, 吴晋超. 基于上下文特征的IDS告警日志攻击场景重建方法[J]. 信息网络安全, 2020, 20(7): 1-10.
[3]	张晓宇, 王华忠. 基于改进Border-SMOTE的不平衡数据工业控制系统入侵检测[J]. 信息网络安全, 2020, 20(7): 70-76.
[4]	彭中联, 万巍, 荆涛, 魏金侠. 基于改进CGANs的入侵检测方法研究[J]. 信息网络安全, 2020, 20(5): 47-56.
[5]	王蓉, 马春光, 武朋. 基于联邦学习和卷积神经网络的入侵检测方法[J]. 信息网络安全, 2020, 20(4): 47-54.
[6]	罗文华, 许彩滇. 基于改进MajorClust聚类的网络入侵行为检测[J]. 信息网络安全, 2020, 20(2): 14-21.
[7]	康健, 王杰, 李正旭, 张光妲. 物联网中一种基于多种特征提取策略的入侵检测模型[J]. 信息网络安全, 2019, 19(9): 21-25.
[8]	冯文英, 郭晓博, 何原野, 薛聪. 基于前馈神经网络的入侵检测模型[J]. 信息网络安全, 2019, 19(9): 101-105.
[9]	饶绪黎, 徐彭娜, 陈志德, 许力. 基于不完全信息的深度学习网络入侵检测[J]. 信息网络安全, 2019, 19(6): 53-60.
[10]	张蕾华, 牛红太, 王仲妮, 刘雪红. 基于大数据的前科人员犯罪预警模型构建研究[J]. 信息网络安全, 2019, 19(4): 82-89.
[11]	刘敬浩, 毛思平, 付晓梅. 基于ICA算法与深度神经网络的入侵检测模型[J]. 信息网络安全, 2019, 19(3): 1-10.
[12]	陈虹, 肖越, 肖成龙, 陈建虎. 融合最大相异系数密度的SMOTE算法的入侵检测方法[J]. 信息网络安全, 2019, 19(3): 61-71.
[13]	田峥, 李树, 孙毅臻, 黎曦. 一种面向S7协议的工控系统入侵检测模型[J]. 信息网络安全, 2019, 19(11): 8-13.
[14]	张阳, 姚原岗. 基于Xgboost算法的网络入侵检测研究[J]. 信息网络安全, 2018, 18(9): 102-105.
[15]	张戈琳, 李勇. 非负矩阵分解算法优化及其在入侵检测中的应用[J]. 信息网络安全, 2018, 18(8): 73-78.

一种基于LMDR和CNN的混合入侵检测模型

A Hybrid Model of Intrusion Detection Based on LMDR and CNN

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 4

参考文献 14

相关文章 15

编辑推荐

Metrics

本文评价