贝叶斯优化的DAE-MLP恶意流量识别模型

doi:10.3969/j.issn.1671-1122.2025.09.014

摘要/Abstract

摘要：

随着互联网技术的迅猛发展，网络安全问题愈发凸显，其中恶意流量已成为网络安全领域亟需解决的关键问题之一。文章首先对NSL-KDD、CSIC 2010和CICIDS2017等网络入侵检测数据集进行预处理和融合，构建成新的研究数据集；然后，基于深度自编码器（DAE）的恶意流量特征提取算法，提取出具有较强鲁棒性的流量特征，并通过贝叶斯优化调整基于DAE-MLP的恶意流量识别算法的超参数；最后，对多种典型的机器学习和深度学习模型进行比较实验与分析。实验结果表明，相较于传统的机器学习和深度学习模型，文章提出的恶意流量识别模型具有更强的数据表示和自动特征学习能力，计算复杂度较低，可以更好地捕捉数据中的复杂模式，并具备一定的可解释性。

关键词: 恶意流量识别, 融合模型, 特征提取, 入侵检测, 深度学习

Abstract:

With the rapid development of Internet technology, the issue of network security has become increasingly serious, and malicious traffic has emerged as a significant problem in the field of network security. This paper first preprocessed and fused the NSL-KDD, CSIC 2010, and CICIDS2017 network intrusion detection datasets to form the research dataset for this study. Then, it investigated a malicious traffic feature extraction algorithm based on DAE, which effectively extracted traffic features with strong robustness. The hyperparameters of the malicious traffic identification algorithm based on DAE-MLP were optimized and adjusted using bayesian optimization. Comparative experimental analyses were conducted on several typical machine learning and deep learning algorithms. Compared with traditional machine learning and deep learning methods, the malicious traffic identification method proposed in this paper has stronger data representation and automatic feature learning capabilities, lower computational complexity, and can better capture complex patterns in the data, while also being interpretable.

Key words: malicious traffic identification, fusion model, feature extraction, intrusion detection, deep learning

中图分类号:

TP309

王新猛, 陈俊雹, 杨一涛, 李文瑾, 顾杜娟. 贝叶斯优化的DAE-MLP恶意流量识别模型[J]. 信息网络安全, 2025, 25(9): 1465-1472.

WANG Xinmeng, CHEN Junbao, YANG Yitao, LI Wenjin, GU Dujuan. Bayesian Optimized DAE-MLP Malicious Traffic Identification Model[J]. Netinfo Security, 2025, 25(9): 1465-1472.

图/表 14

表1

表2

图1

表3

表4

表5

图2

图3

表6

表7

表8

图4

表9

表10

参考文献 15

[1]	MASEER Z K, YUSOF R, BAHAMAN N, et al. Benchmarking of Machine Learning for Anomaly Based Intrusion Detection Systems in the CICIDS2017 Dataset[J]. IEEE Access, 2021, 9: 22351-22370.
[2]	SANCHEZ O R, REPETTO M, CARREGA A, et al. Evaluating ML-Based DDoS Detection with Grid Search Hyperparameter Optimization[C]// IEEE. 2021 IEEE 7th International Conference on Network Softwarization. New York: IEEE, 2021: 402-408.
[3]	ELSAYED M S, LE-KHAC N A, DEV S, et al. DDoSNet: A Deep-Learning Model for Detecting Network Attacks[C]// IEEE. IEEE 21st International Symposium on a World of Wireless, Mobile and Multimedia Networks. New York: IEEE, 2020: 391-396.
[4]	SADAF K, SULTANA J. Intrusion Detection Based on Autoencoder and Isolation Forest in Fog Computing[J]. IEEE Access, 2020, 8: 167059-167068.
[5]	AMIRI F, YOUSEFI M R, LUCAS C, et al. Mutual Information-Based Feature Selection for Intrusion Detection Systems[J]. Journal of Network and Computer Applications, 2011, 34(4): 1184-1199.
[6]	MUKHERJEE S, SHARMA N. Intrusion Detection Using Naive Bayes Classifier with Feature Reduction[J]. Procedia Technology, 2012, 4: 119-128.
[7]	RAO B B, SWATHI K. Fast KNN Classifiers for Network Intrusion Detection System[J]. Indian Journal of Science and Technology, 2017, 10(14): 1-10.
[8]	THASEEN I S, KUMAR C A. Intrusion Detection Model Using Fusion of PCA and Optimized SVM[C]// IEEE. 2014 International Conference on Contemporary Computing and Informatics. New York: IEEE, 2014: 879-884.
[9]	CAO Yangchen, ZHU Guosheng, QI Xiaoyun, et al. Research on Intrusion Detection Classification Based on Random Forest[J]. Computer Science, 2021, 48(S1): 459-463.
	曹扬晨, 朱国胜, 祁小云, 等. 基于随机森林的入侵检测分类研究[J]. 计算机科学, 2021, 48(S1): 459-463.
[10]	FAN Yuchen. Research on Intrusion Detection Based on Deep Learning and Association Rules[D]. Beijing: China Academy of Railway Sciences Corporation Limited, 2022.
	范禹辰. 基于深度学习和关联规则的入侵检测研究[D]. 北京: 中国铁道科学研究院, 2022.
[11]	HOU Yuluo. Research on Malicious HTTP Request Detection Based on Machine Learning[D]. Chengdu: University of Electronic Science and Technology of China, 2022.
	侯禹洛. 基于机器学习的恶意HTTP请求检测研究[D]. 成都: 电子科技大学, 2022.
[12]	GONG Xinyu. Research on Deeplearning Based Web Attack Detection[D]. Shanghai: Shanghai Jiao Tong University, 2020.
	龚昕宇. 基于深度学习的Web攻击检测研究[D]. 上海: 上海交通大学, 2020.
[13]	VARTOUNI A M, KASHI S S, TESHNEHLAB M. An Anomaly Detection Method to Detect Web Attacks Using Stacked Auto-Encoder[C]// IEEE. 2018 6th Iranian Joint Congress on Fuzzy and Intelligent Systems. New York: IEEE, 2018: 131-134.
[14]	CHAKIR O, REHAIMI A, SADQI Y, et al. An Empirical Assessment of Ensemble Methods and Traditional Machine Learning Techniques for Web-Based Attack Detection in Industry 5.0[J]. Journal of King Saud University-Computer and Information Sciences, 2023, 35(3): 103-119.
[15]	KAMAL H, MASHALY M. Advanced Hybrid Transformer-CNN Deep Learning Model for Effective Intrusion Detection Systems with Class Imbalance Mitigation Using Resampling Techniques[EB/OL]. (2024-12-23)[2025-06-01]. https://doi.org/10.3390/fi16120481.

protocol_type_icmp	protocol_type_tcp	flag_SF	…
0	1	0	…
0	1	1	…
1	0	1	…
0	1	0	…
0	1	1	…
0	1	1	…

flag_SF	duration	src_bytes	dst_bytes
0	0	0	0
1	2	12983	0
1	0	20	0
0	1	0	15
1	0	267	14515
1	0	1022	387

模块	层类型	参数说明	输入/输出
DAE	加噪层	σ=0.3高斯噪声	原始输入（n=121）
	编码器	FC层：[121→64→30]、ReLU	低维特征（d=30）
	解码器	FC层：[30→64→121]、ReLU	重建输出（n=121）
MLP	输入层	接收DAE特征（d=30）	输入层
	隐藏层1	256神经元、ReLU、Dropout=0.5	—
	隐藏层2	128神经元、ReLU	—
	输出层	5神经元、Softmax	攻击类型分类

参数	取值	选择依据
噪声分布	N(0,σ2)	对称分布不引入偏差，零均值保持原始数据中心性
噪声标准差σ	0.3	基于特征尺度分析，约占特征动态范围的30%
噪声范围	全局添加	对所有输入特征施加相同强度噪声，避免选择性扰动导致的局部过适应
特征裁剪	[0,1]	匹配输入特征的归一化范围，防止噪声破坏数据结构

优化方法	计算复杂度	是否适配本文
网格搜索	$O({{k}^{d}})$	否（维度灾难）
随机搜索	$O\left( n \right)$	部分适配（收敛慢）
BO	$O({{n}^{2}})$	是