[1]罗虹富,王恒*,马自强.基于CNN和BiLSTM的分层注意力网络入侵检测方法[J].计算机技术与发展,2024,34(11):95-100.[doi:10.20165/j.cnki.ISSN1673-629X.2024.0211]
 LUO Hong-fu,WANG Heng*,MA Zi-qiang.Hierarchical Attention Network Intrusion Detection Method Based on CNN and BiLSTM[J].,2024,34(11):95-100.[doi:10.20165/j.cnki.ISSN1673-629X.2024.0211]
点击复制

基于CNN和BiLSTM的分层注意力网络入侵检测方法()

《计算机技术与发展》[ISSN:1006-6977/CN:61-1281/TN]

卷:
34
期数:
2024年11期
页码:
95-100
栏目:
网络空间安全
出版日期:
2024-11-10

文章信息/Info

Title:
Hierarchical Attention Network Intrusion Detection Method Based on CNN and BiLSTM
文章编号:
1673-629X(2024)11-0095-06
作者:
罗虹富王恒*马自强
宁夏大学 信息工程学院,宁夏 银川 750021
Author(s):
LUO Hong-fuWANG Heng*MA Zi-qiang
School of Information Engineering,Ningxia University,Yinchuan 750021,China
关键词:
入侵检测深度学习特征融合自注意力机制类不平衡
Keywords:
intrusion detectiondeep learningfeature fusionself-attention mechanismclass imbalance
分类号:
TP393
DOI:
10.20165/j.cnki.ISSN1673-629X.2024.0211
摘要:
目前基于深度学习的入侵检测方法仍然存在特征提取不足、检测精度不佳等问题。 对此,该文提出了一种基于 CNN 和 BiLSTM 的分层注意力网络入侵检测方法。 在每一个 CNN 层和 BiLSTM 层之后引入自注意力机制,单层的 CNN 和BiLSTM 与自注意力机制结合分别形成一个 CA 和 BA 结构,用于提取局部的空间特征和时序特征,多层的 CA 和 BA 结构组合可以充分学习流量数据的多层次空时特征,将学习到的特征通过拼接操作进行特征融合,最后送入到多层感知机中进行预测分类;针对数据集的类不平衡问题,采用变分自编码器(VAE)对少数类进行数据增强,以平衡数据集。 在公开数据集 NSL-KDD 上的实验结果表明,与其他现有入侵检测方法相比,该方法在二分类中的准确率和 F1 分数分别达到了85. 61% 和 85. 55% ,在多分类中的准确率和 F1 分数分别达到了 81. 07% 和 80. 63% ,有效提高了网络入侵的检测性能。
Abstract:
At present,deep learning-based intrusion detection methods still face problems such as insufficient feature extraction and poor detection accuracy. We propose a multi-layer attention network intrusion detection method based on CNN and BiLSTM. After each CNN layer and BiLSTM layer,a self-attention mechanism is introduced. The single-layer CNN and BiLSTM are combined with the self-attention mechanism to form a CA and BA structure,respectively,for extracting local spatial and temporal features. By combining multi-layer CA and BA structures,the multi-level spatio-temporal features of traffic data can be fully learned. The learned features are merged through concatenation operations and finally fed into a multi-layer perceptron for predictive classification. To address the problem of class imbalance in the dataset,Variational Autoencoder (VAE) is used to enhance the data of minority classes and balance the dataset.The experimental results on the public dataset NSL - KDD show that compared with other existing intrusion detection methods, the accuracy and F1 score of the proposed method in binary classification reach 85. 61% and 85. 55% ,and the accuracy and F1 score in multi-classification reach 81. 07% and 80. 63% ,respectively,effectively improving the detection performance of network intrusion.

相似文献/References:

[1]李雷 丁亚丽 罗红旗.基于规则约束制导的入侵检测研究[J].计算机技术与发展,2010,(03):143.
 LI Lei,DING Ya-li,LUO Hong-qi.Intrusion Detection Technology Research Based on Homing - Constraint Rule[J].,2010,(11):143.
[2]马志远,曹宝香.改进的决策树算法在入侵检测中的应用[J].计算机技术与发展,2014,24(01):151.
 MA Zhi-yuan,CAO Bao-xiang.Application of Improved Decision Tree Algorithm in Intrusion Detection System[J].,2014,24(11):151.
[3]高峥 陈蜀宇 李国勇.混合入侵检测系统的研究[J].计算机技术与发展,2010,(06):148.
 GAO Zheng,CHEN Shu-yu,LI Guo-yong.Research of a Hybrid Intrusion Detection System[J].,2010,(11):148.
[4]林英 张雁 欧阳佳.日志检测技术在计算机取证中的应用[J].计算机技术与发展,2010,(06):254.
 LIN Ying,ZHANG Yan,OU Yang-jia.Application of Log Testing Technology in Computer Forensics[J].,2010,(11):254.
[5]李钦 余谅.基于免疫遗传算法的网格入侵检测模型[J].计算机技术与发展,2009,(05):162.
 LI Qin,YU Liang.Grid Intrusion Detection Model Based on Immune Genetic Algorithm[J].,2009,(11):162.
[6]黄世权.网络存储安全分析[J].计算机技术与发展,2009,(05):170.
 HUANG Shi-quan.Analysis of Network Storage's Safety[J].,2009,(11):170.
[7]李睿 肖维民.基于孤立点挖掘的异常检测研究[J].计算机技术与发展,2009,(06):168.
 LI Rui,XIAO Wei-min.Research on Anomaly Intrusion Detection Based on Outlier Mining[J].,2009,(11):168.
[8]胡琼凯 黄建华.基于协议分析和决策树的入侵检测研究[J].计算机技术与发展,2009,(06):179.
 HU Oiong-kai,HUANG Jian-hua.Intrusion Detection Based on Protocol Analysis and Decision Tree[J].,2009,(11):179.
[9]汪世义.基于优化支持向量机的网络入侵检测技术研究[J].计算机技术与发展,2009,(07):177.
 WANG Shi-yi.Network Intrusion Detection Based on Improved Support Vector Machine[J].,2009,(11):177.
[10]薛俊 陈行 陶军.一种基于神经网络的入侵检测技术[J].计算机技术与发展,2009,(08):148.
 XUE Jun,CHEN Hang,TAO Jun.Technology of Intrusion Detection Based on Neural Network[J].,2009,(11):148.
[11]杨 怡,张兴兰.面向入侵检测的频域对抗攻击[J].计算机技术与发展,2023,33(09):72.[doi:10. 3969 / j. issn. 1673-629X. 2023. 09. 011]
 YANG Yi,ZHANG Xing-lan.Frequency Domain Adversarial Attack for Intrusion Detection[J].,2023,33(11):72.[doi:10. 3969 / j. issn. 1673-629X. 2023. 09. 011]
[12]李柄军,陈帅良,段晓英,等.基于改进的GAN与DL融合的入侵检测方法[J].计算机技术与发展,2025,(05):67.[doi:10.20165/j.cnki.ISSN1673-629X.2024.0409]
 LI Bing-jun,CHEN Shuai-liang,DUAN Xiao-ying,et al.Intrusion Detection Method Based on Improved GAN and DL Fusion[J].,2025,(11):67.[doi:10.20165/j.cnki.ISSN1673-629X.2024.0409]

更新日期/Last Update: 2024-11-10