基于图像凸包特征的CBAM-CNN网络入侵检测方法

doi:10.3969/j.issn.1671-1122.2024.09.010

摘要/Abstract

摘要：

针对入侵检测领域中多分类准确率较低和模型训练时间较长的问题，文章根据现有的基准数据集NSL-KDD的特点，提出一种新颖且有效的预处理方法。首先，对数据集进行字符特征数值化和归一化处理，并转化成RGB图像数据集；其次，使用Canny边缘检测算法提取图像数据集中的各种攻击类型的边缘特征，根据图像的边缘特征使用凸包算法构建凸包，并计算各类攻击的平均凸包面积、平均凸包周长和平均顶点数，将这3项指标作为RGB的3个通道，分别生成各种攻击类型的凸包特征图；再次，使用拉普拉斯金字塔图像特征融合算法将原始图像数据集与凸包特征图进行融合，构建包含凸包特征的图像数据集，并对训练集中的多数类样本采用随机欠采样，对少数类样本进行仿射变换，生成平衡训练集；最后，基于CBAM-CNN模型进行多分类实验。文章模型在NSL-KDD数据集上的准确率和F1分数分别达到了96.20%和86.71%，优于传统的网络入侵检测方法，且比其他深度学习模型具有更好的检测性能。

关键词: 入侵检测, 边缘特征, 凸包特征, 特征融合

Abstract:

To address the issues of low multi-class classification accuracy and lengthy model training time in the field of intrusion detection, this paper proposed a novel and effective preprocessing method based on the characteristics of the existing benchmark dataset NSL-KDD. Firstly, the dataset was numerically encoded and normalized based on character features, and then transformed into an RGB image dataset. Secondly, the Canny edge detection algorithm was employed to extract edge features of various attack types in the image dataset. Based on the edge features of the images, convex hulls were constructed using the convex hull algorithm, and the average convex hull area, average convex hull perimeter, and average number of vertices for each attack class were calculated. These three metrics were used as the RGB’s three channels to generate convex hull feature maps for various attack types. Thirdly, the laplacian pyramid image feature fusion algorithm was used to fuse the original image dataset with convex hull feature maps, creating an image dataset containing convex hull features. Majority class samples in the training set were randomly under-sampled, while minority class samples were subjected to affine transformations to generate a balanced training set. Finally, multi-class experiments were conducted based on the CBAM-CNN model. The accuracy and F1 score of this model on the NSL-KDD dataset reach 96.20% and 86.71%, respectively, outperforming traditional network intrusion detection methods and exhibiting better performance than other deep learning models.

Key words: intrusion detection, edge features, convex hull features, feature fusion

中图分类号:

TP309

刘联海, 黎汇业, 毛冬晖. 基于图像凸包特征的CBAM-CNN网络入侵检测方法[J]. 信息网络安全, 2024, 24(9): 1422-1431.

LIU Lianhai, LI Huiye, MAO Donghui. CBAM-CNN Network-Based Intrusion Detection Method Using Image Convex Hull Features[J]. Netinfo Security, 2024, 24(9): 1422-1431.

图/表 15

图1

图2

图3

图4

图5

图6

图7

图8

表1

表2

表3

表4

表5

表6

表7

参考文献 30

[1]	ALJABRI M, ALJAMEEL S S, MOHAMMAD R M A, et al. Intelligent Techniques for Detecting Network Attacks: Review and Research Directions[EB/OL]. (2021-06-09)[2024-02-25]. https://doi.org/10.3390/s21217070.
[2]	AMANOUL S V, ABDULAZEEZ A M. Intrusion Detection System Based on Machine Learning Algorithms: A Review[C]// IEEE.2022 IEEE 18th International Colloquium on Signal Processing & Applications (CSPA). New York: IEEE, 2022: 79-84.
[3]	THAKKAR, ANKIT, RITIKA L. Fusion of Statistical Importance for Feature Selection in Deep Neural Network-Based Intrusion Detection System[J]. Network Daily News, 2023: 353-363.
[4]	LI Shudong, JIANG Laiyuan, WANG Zhen, et al. A Malicious Mining Code Detection Method Based on Multi-Features Fusion[J]. IEEE Transactions on Network Science and Engineering, 2022: 2731-2739.
[5]	ALGHANAM O A, ALMOBAIDEEN W, SAADEH M, et al. An Improved PIO Feature Selection Algorithm for IoT Network Intrusion Detection System Based on Ensemble Learning[EB/OL]. (2023-08-12)[2024-02-25]. https://doi.org/10.1016/j.eswa.2022.118745.
[6]	WEN Tingke, XIAO Yuanxing, WANG Anqi, et al. A Novel Hybrid Feature Fusion Model for Detecting Phishing Scam on Ethereum Using Deep Neural Network[J]. Expert Systems with Applications, 2023, 211: 63-74.
[7]	AHMAD R S, ALI A H, KAZIM S M, et al. A GAF and CNN Based Wi-Fi Network Intrusion Detection System[C]// IEEE. IEEE INFOCOM 2023-IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS). New York: IEEE, 2023: 1-6.
[8]	KIM J, KIM J, KIM H, et al. CNN-Based Network Intrusion Detection against Denial-of-Service Attacks[EB/OL]. (2020-06-01)[2024-02-25]. https://doi.org/10.3390/electronics9060916.
[9]	SIDDIQI, MURTAZA A, WOOGUIL P. Tier-Based Optimization for Synthesized Network Intrusion Detection System[J]. IEEE Access, 2022: 108530-108544.
[10]	LIU Yang, KANG Jian, LI Yiran, et al. A Network Intrusion Detection Method Based on CNN and CBAM[C]// IEEE. 2021-IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS). New York: IEEE, 2021: 1-6.
[11]	WANG Zhen, FUAD A G. An Attention-Based Convolutional Neural Network for Intrusion Detection Model[J]. IEEE Access, 2023: 43116-43127.
[12]	SARHAN M, SIAMAK L, MARIUS P. Towards a Standard Feature Set for Network Intrusion Detection System Datasets[J]. Mobile Networks and Applications, 2022: 1-14.
[13]	WU Fangsheng, ZHU Changan, MW B, et al. Research on Image Text Recognition Based on Canny Edge Detection Algorithm and K-Means Algorithm[J]. International Journal of System Assurance Engineering and Management, 2022: 72-80.
[14]	LEI Chao, BU Siqi, ZHONG Jun, et al. Distribution Network Reconfiguration: A Disjunctive Convex Hull Approach[J]. IEEE Transactions on Power Systems, 2023: 5926-5929.
[15]	LUO Xing, FU Guizhong, YANG Jiangxin, et al. Multi-Modal Image Fusion via Deep Laplacian Pyramid Hybrid Network[J]. IEEE Transactions on Circuits and Systems for Video Technology, 2023: 7354-7369.
[16]	GHOSH K, SARKAR A, BANERJEE A, et al. Performance Improvement of Convolutional Neural Network Using Random under Sampling[C]// Springer. Advances in Smart Communication Technology and Information Processing:OPTRONIX 2020. Heidelberg: Springer, 2021: 207-217.
[17]	SAYED W S, RADWAN A G, FAHMY H, et al. Trajectory Control and Image Encryption Using Affine Transformation of Lorenz System[J]. Egyptian Informatics Journal, 2021: 155-166.
[18]	DHANABAL L, SHANTHARAJAH S P. A Study on NSL-KDD Dataset for Intrusion Detection System Based on Classification Algorithms[J]. International Journal of Advanced Research in Computer and Communication Engineering, 2015, 4(6): 446-452.
[19]	MEENA G, CHOUDHARY R R. A Review Paper on IDS Classification Using KDD 99 and NSL KDD Dataset in WEKA[C]// IEEE. 2017 International Conference on Computer, Communications and Electronics (Comptelix). New York: IEEE, 2017: 553-558.
[20]	MOHAMMADPOUR L, LING T C, LIEW C S, et al. A Survey of CNN-Based Network Intrusion Detection[EB/OL]. (2022-05-23)[2024-02-27]. https://doi.org/10.3390/app12168162.
[21]	PFLUGFELDER D, SCHARR H. Practically Lossless Affine Image Transformation[J]. IEEE Transactions on Image Processing, 2020: 5367-5373.
[22]	HU Jianwei, LIU Chenshuo, CUI Yanpeng. An Improved CNN Approach for Network Intrusion Detection System[J]. International Journal of Network Security, 2021: 569-575.
[23]	ZHENG Shiji. Network Intrusion Detection Model Based on Convolutional Neural Network[C]// IEEE. 2021 IEEE 5th Advanced Information Technology, Electronic and Automation Control Conference (IAEAC). New York: IEEE, 2021: 634-637.
[24]	ZHANG Xiaoqing, YANG Fei, HU Yue, et al. RANet: Network Intrusion Detection with Group-Gating Convolutional Neural Network[EB/OL]. (2022-07-03)[2024-02-27]. https://doi.org/10.1016/j.jnca.2021.103266.
[25]	ABDULGANIYU O H, TCHAKOUCHT T A, SAHEED Y K. A Systematic Literature Review for Network Intrusion Detection System (IDS)[J]. International Journal of Information Security, 2023: 1125-1162.
[26]	JIANG Kaiyuan, WANG Wenya, WANG Aili, et al. Network Intrusion Detection Combined Hybrid Sampling with Deep Hierarchical Network[J]. IEEE Access, 2020: 32464-32476.
[27]	KANAKARAJAN N K, MUNIASAMY K. Improving the Accuracy of Intrusion Detection Using GAR-Forest with Feature Selection[C]// Springer. The 4th International Conference on Frontiers in Intelligent Computing:Theory and Applications (FICTA) 2015. Heidelberg: Springer, 2016: 539-547.
[28]	IERACITANO C, ADEEL A, MORABITO F C, et al. A Novel Statistical Analysis and Autoencoder Driven Intelligent Intrusion Detection Approach[J]. Neurocomputing, 2020: 51-62.
[29]	WISANWANICHTHAN T, THAMMAWICHAI M. A Double-Layered Hybrid Approach for Network Intrusion Detection System Using Combined Naive Bayes and SVM[J]. IEEE Access, 2021: 138432-138450.
[30]	FU Yanfang, DU Yishuai, CAO Zijian, et al. A Deep Learning Model for Network Intrusion Detection with Imbalanced Data[EB/OL]. (2022-06-12)[2024-02-27]. https://doi.org/10.3390/electronics11060898.

实验环境	具体配置
操作系统	Windows11
CPU	Intel(R)Core(TM)i7-8750H CPU@2.20GHz 2.21 GHz
内存	8 GB
实验框架	PyTorch 2.0.1
开发语言	Python 3.1.1

参数名称	参数设置
损失函数	CrossEntropyLoss()
激活函数	ReLU
优化器	Adam
批量大小	128
学习率	0.01
训练轮数	20
卷积核	3?3
卷积层数	2
全连接层	6400，512
池化层	2?2
Dropout	0.5

一般预处理（未融合凸包特征）				本文方法（融合凸包特征）
模型训练耗时：3.87 h				模型训练耗时：0.54 h
模型预测耗时：8.26 min				模型预测耗时：6.48 min
Accuracy	Precision	Recall	F1	Accuracy	Precision	Recall	F1
77.02%	57.25%	66.68%	54.23%	96.16%	80.55%	95.91%	83.69%

特征图生成方式	Accuracy	Precision	Recall	F1
(G, B, R)	96.10%	80.19%	95.94%	82.98%
(G, R, B)	94.33%	77.34%	90.61%	79.17%
(B, R,G)	93.01%	76.72%	87.95%	77.52%
(B,G, R)	92.96%	75.20%	88.45%	75.57%
(R,G, B)	95.29%	78.97%	91.40%	81.35%
(R, B,G)	96.20%	82.84%	96.09%	86.71%

方法	Accuracy	Precision	Recall	F1
逻辑回归	74.65%	91.45%	61.19%	73.32%
朴素贝叶斯	63.97%	64.59%	81.25%	72.97%
决策树	76.68%	91.57%	65.02%	76.04%
AdaBoost	75.46%	91.55%	62.67%	74.41%
随机森林	77.02%	96.64%	61.79%	75.38%
CBAM-CNN	96.20%	82.84%	96.09%	86.71%