基于双重注意力的入侵检测系统

doi:10.3969/j.issn.1671-1122.2022.01.010

信息网络安全 ›› 2022, Vol. 22 ›› Issue (1): 80-86.doi: 10.3969/j.issn.1671-1122.2022.01.010

基于双重注意力的入侵检测系统

刘烁, 张兴兰()

北京工业大学信息学部,北京 100124

收稿日期:2021-08-08 出版日期:2022-01-10 发布日期:2022-02-16
通讯作者: 张兴兰 E-mail:zhangxinglan@bjut.edu.cn
作者简介:刘烁（1997—）,女,山东,硕士研究生,主要研究方向为机器学习和入侵检测;|张兴兰（1970—）,女,山西,教授,博士,主要研究方向为密码学和安全协议
基金资助:
国家自然科学基金(61801008)

Intrusion Detection System Based on Dual Attention

LIU Shuo, ZHANG Xinglan()

Department of Information, Beijing University of Technology, Beijing 100124, China

Received:2021-08-08 Online:2022-01-10 Published:2022-02-16
Contact: ZHANG Xinglan E-mail:zhangxinglan@bjut.edu.cn

摘要/Abstract

摘要：

在当今互联网飞速发展的时代,人们在网络中信息交互的次数日益增多,使得网络安全显得尤为重要。文章以增强模型检测异常流量的能力为研究目的,提出一种基于注意力机制的胶囊网络模型。在特征提取阶段和动态路由阶段分别融入注意力机制,增强了模型提取关键特征的能力,提升了在入侵检测任务中的准确率。在NSL-KDD数据集和CICDS2017数据集进行实验,结果表明文章所提模型在泛化能力方面高于其他模型,在CICIDS2017的测试集上,准确率达97.56%;在NSL-KDD的测试集上,准确率可达95.88%。相较于其他传统常用的入侵检测模型,效率有显著提升。

关键词: 深度学习, 入侵检测, 胶囊网络, 注意力机制

Abstract:

In the era of rapid development of the Internet, the number of people interacting with each other on the Internet is increasing, making network security particularly important. This paper aimed to enhance the model's ability to detect abnormal traffic, and proposed a capsule network model based on the attention mechanism. In the feature extraction stage and the dynamic routing stage, the attention mechanism was incorporated to enhance the model's ability to extract key features and improve the accuracy of intrusion detection tasks. Through experiments on the NSL-KDD data set and the CICDS2017 data set, experimental results show that the model in this paper is higher than other models in terms of generalization ability, and the accuracy rate on the CICIDS2017 test set has reached 97.56%. The accuracy of the NSL-KDD test set can reach 95.88%, which is significantly more efficient than other traditional intrusion detection models.

Key words: deep learning, intrusion detection, capsule network, attention mechanism

中图分类号:

TP309

刘烁, 张兴兰. 基于双重注意力的入侵检测系统[J]. 信息网络安全, 2022, 22(1): 80-86.

LIU Shuo, ZHANG Xinglan. Intrusion Detection System Based on Dual Attention[J]. Netinfo Security, 2022, 22(1): 80-86.

图/表 7

图1

图2

图3

表1

表2

表3

表4

参考文献 17

[1]	AMOURI A, ALAPARTHY V T, MORGERA S D. A Machine Learning Based Intrusion Detection System for Mobile Internet of Things[J]. Sensors, 2020, 20(2):461-476. doi: 10.3390/s20020461 URL
[2]	GAMAGE S, SAMARABANDU J. Deep Learning Methods in Network Intrusion Detection: A Survey and an Objective Comparison[J]. Journal of Network and Computer Applications, 2020, 169(1):767-788.
[3]	BHUYAN M H, BHATTACHARYYA D K, KALITA J K. Network Anomaly Detection: Methods, Systems and Sztools[J]. IEEE Communications Surveys Tutorials, 2014, 16(1):303-336. doi: 10.1109/SURV.2013.052213.00046 URL
[4]	ZHANG G P. Neural Networks for Classification: A Survey[J]. IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews), 2000, 30(4):451-462. doi: 10.1109/5326.897072 URL
[5]	YIN Chuanlong, ZHU Yuefei, FEI Jinlong, et al. A Deep Learning Approach for Intrusion Detection Using Recurrent Neural Networks[J]. IEEE Access, 2017, 17(5):21954-21961.
[6]	ZHANG Yong, XU Chen, JIN Lei, et al. Network Intrusion Detection: Based on Deep Hierarchical Network and Original Flow Data[J]. IEEE Access, 2019, 10(7):37004-37016.
[7]	LI Zhipeng, QIN Zheng, HUANG Kai, et al. Intrusion Detection Using Convolutional Neural Networks for Representation Learning[C]//ICONIP. 24th International Conference on Neural Information Processing, November 14-18, 2017, Guangzhou, China. Berlin: Springer, Cham, 2017: 858-866.
[8]	SABOUR S, FROSST N, HINTON G E. Dynamic Routing Between Capsules[C]//NIPS. Proceedings of the 31st International Conference on Neural Information Processing Systems, December 4-9, 2017, California, USA. New York: NIPS Proceeding, 2017: 3856-3866.
[9]	YANG Jucheng, HAN Shujie, MAO Lei, et al. Overview of Capsule Network Model[J]. Journal of Shandong University (Engineering Science Edition), 2019, 49(6):1-10.
	杨巨成, 韩书杰, 毛磊, 等. 胶囊网络模型综述[J]. 山东大学学报(工学版), 2019, 49(6):1-10.
[10]	ZHU Zhangli, RAO Yuan, WU Yuan, et al. Research Progress of Attention Mechanism in Deep Learning[J]. Journal of Chinese Information Processing, 2019, 33(6):1-11.
	朱张莉, 饶元, 吴渊, 等. 注意力机制在深度学习中的研究进展[J]. 中文信息学报, 2019, 33(6):1-11.
[11]	DZMITRY B, KYUNGHYUN C, YOSHUA B. Neural Machine Translation by Jointly Learning to Align and Translate[EB/OL]. https://arxiv.org/abs/1409.0473, 2021-01-26.
[12]	DOSOVITSKIY A, BEYER L, KOLESNIKOV A, et al. An Image is Worth 16×16 Words: Transformers for Image Recognition at Scale[EB/OL]. https://arxiv.org/abs/2010, 2021-02-20.
[13]	YAO-HUNG H T, NITISH S, HANLIN G, et al. Capsules with Inverted Dot-product Attention Routing[EB/OL]. https://arxiv.org/abs/2002.04764, 2021-03-26.
[14]	WANG Qian, WANG Cheng, FENG Zhenyuan, et al. Summary of K-means Clustering Algorithm Research[J]. Electronic Design Engineering, 2012, 20(7):21-24.
	王千, 王成, 冯振元, 等. K-means聚类算法研究综述[J]. 电子设计工程, 2012, 20(7):21-24.
[15]	UNB. NSL-KDD[EB/OL]. https://www.unb.ca/cic/datasets/nsl, 2021-03-28.
[16]	UNB. CICIDS 2017[EB/OL]. https://www.unb.ca/cic/datasets/ids-2017, 2021-03-29.
[17]	TAVALLAEE M, BAGHERI E, LU W, et al. A Detailed Analysis of the KDD CUP 99 Data Set[C]//IEEE. Proceedings of the Second IEEE International Conference on Computational Intelligence for Security and Defense Applications, July 8-10, 2009, Ottawa, Canada. Piscataway: IEEE, 2009: 53-58.

数据集	Normal/条	DoS/条	Probe/条	U2R/条	R2L/条	Total/条
NSL-KDDTrain+	67343	45927	11656	52	955	125973
NSL-KDDTest+	9711	7458	2421	200	2754	22544
NSL-KDDTest-21	2152	4342	2402	200	2754	11850

时间	事件类型
Monday	Benign（良性流量）
Tuesday	Brute Force, FTP-Patator, SSH-Patator
Wednesday	DoS, DdoS, DoS slowloris, DoS slowhttptest, DoS Hulk, DoS GoldenEye
Thursday	Web Attack-Brute Force, Web Attack-XSS, Web Attack-Sql Injection, Infiltration
Friday	Botnet, PortScans(sS, sT, sF, sX, sN, sP, sV, sU, sO, sA, sW, sR, sL and B), DDoS

模型	训练集		测试集
模型	$AC$	$F1$	$AC$	$F1$
CNN	98.20%	98.16%	93.01%	93.03%
RNN	97.85%	98.87%	92.43%	92.51%
原胶囊网络	98.53%	98.61%	94.72%	94.03%
本文模型	98.95%	98.94%	95.88%	95.87%

模型	训练集		测试集
模型	$AC$	$F1$	$AC$	$F1$
CNN	97.37%	97.42%	96.16%	96.08%
RNN	96.18%	96.23%	93.86%	92.95%
原胶囊网络	97.66%	97.67%	96.88%	96.90%
本文模型	98.33%	98.37%	97.56%	97.74%

基于双重注意力的入侵检测系统

Intrusion Detection System Based on Dual Attention

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 7

参考文献 17

相关文章 15

编辑推荐

Metrics

本文评价

[1]	张光华, 闫风如, 张冬雯, 刘雪峰. 基于LSTM-Attention的内部威胁检测模型[J]. 信息网络安全, 2022, 22(2): 1-10.
[2]	白宏鹏, 邓东旭, 许光全, 周德祥. 基于联邦学习的入侵检测机制研究[J]. 信息网络安全, 2022, 22(1): 46-54.
[3]	何红艳, 黄国言, 张炳, 贾大苗. 基于极限树特征递归消除和LightGBM的异常检测模型[J]. 信息网络安全, 2022, 22(1): 64-71.
[4]	朱新同, 唐云祁, 耿鹏志. 基于特征融合的篡改与深度伪造图像检测算法[J]. 信息网络安全, 2021, 21(8): 70-81.
[5]	李群, 董佳涵, 关志涛, 王超. 一种基于聚类分类的物联网恶意攻击检测方法[J]. 信息网络安全, 2021, 21(8): 82-90.
[6]	任涛, 金若辰, 罗咏梅. 融合区块链与联邦学习的网络入侵检测算法[J]. 信息网络安全, 2021, 21(7): 27-34.
[7]	路宏琳, 王利明. 面向用户的支持用户掉线的联邦学习数据隐私保护方法[J]. 信息网络安全, 2021, 21(3): 64-71.
[8]	杜晔, 王子萌, 黎妹红. 基于优化核极限学习机的工控入侵检测方法[J]. 信息网络安全, 2021, 21(2): 1-9.
[9]	王华忠, 程奇. 基于改进鲸鱼算法的工控系统入侵检测研究[J]. 信息网络安全, 2021, 21(2): 53-60.
[10]	代翔, 孙海春, 牛硕, 朱容辰. 融合互注意力机制与BERT的中文问答匹配技术研究[J]. 信息网络安全, 2021, 21(12): 102-108.
[11]	马瑞, 蔡满春, 彭舒凡. 一种基于改进的Xception网络的深度伪造视频检测模型[J]. 信息网络安全, 2021, 21(12): 109-117.
[12]	潘孝勤, 杜彦辉. 基于混合特征和多通道GRU的伪造语音鉴别方法[J]. 信息网络安全, 2021, 21(10): 1-7.
[13]	徐国天, 盛振威. 基于融合CNN与LSTM的DGA恶意域名检测方法[J]. 信息网络安全, 2021, 21(10): 41-47.
[14]	沈也明, 李贝贝, 刘晓洁, 欧阳远凯. 基于主动学习的工业互联网入侵检测研究[J]. 信息网络安全, 2021, 21(1): 80-87.
[15]	李桥, 龙春, 魏金侠, 赵静. 一种基于LMDR和CNN的混合入侵检测模型[J]. 信息网络安全, 2020, 20(9): 117-121.