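[1] ZHANG Anlin, ZHANG Qikun, HUANG Daoying, et al. Intrusion detection model based on CNN and BiGRU fusing neural network[J]. Journal of Zhengzhou University (Engineering Science), 2022, 43(03): 37-43.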

Intrusion Detection Model Based on CNN and BiGRU Fusing Neural Network

Journal of Zhengzhou University (Engineering Science) [ISSN: 1671-6833 / CN: 41-1339/T]

Volume: 43
Issue: No. 03, 2022
Pages: 37-43
Column:
Publication date: 2022-04-10

Article Info

Title:
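Intrusion detection model based on CNN and BiGRU fusing neural network
Authors:
ZHANG Anlin, ZHANG Qikun, HUANG Daoying, LIU Jianghao, LI Jianchun, CHEN Xiaowen
Document code:
A
Abstract (translated from the Chinese):
To address problems in deep-learning intrusion detection such as class imbalance in the data and incomplete feature learning, a neural network intrusion detection model based on the fusion of a convolutional neural network (CNN) and a bidirectional gated recurrent unit (BiGRU) is proposed. The SMOTE-Tomek algorithm is used to balance the data set, a feature importance algorithm based on mean decrease in impurity is used for feature selection, and the CNN and BiGRU models are combined through feature fusion, with an attention mechanism introduced for feature extraction, thereby improving the overall detection performance of the model. Multi-class experiments were carried out on the intrusion detection data set CSE-CIC-IDS2018, and the model was compared with classical single deep learning models. The experimental results show that, in terms of data set balancing, after processing with the SMOTE-Tomek algorithm the recognition accuracy for DoS attacks-Slow HTTP Test rose from 0 to 34.66% and that for SQL Injection rose from 0 to 100%, while DDoS attack-LOIC-UDP, Brute Force-Web and Brute Force-XSS improved by 5.22, 6.55 and 35.71 percentage points respectively, demonstrating that the balanced data set gives a marked improvement in recognition precision on minority classes over the unprocessed data set. In terms of overall detection performance, in the multi-class comparison the proposed model's overall classification precision, recall and F1 value were all higher than those of the other single neural network models. The overall precision across the attack traffic categories was 2.10 percentage points higher than that of the LSTM model, the overall recall was 1.50 percentage points higher than that of the LSTM model, and the overall F1 value was 1.97 percentage points higher than that of the GRU model, demonstrating that the model has a better detection effect.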
Abstract:
Aiming at the problems of unbalanced data classes and incomplete feature learning in deep learning intrusion detection, a neural network intrusion detection model based on the fusion of convolutional neural networks (CNN) and bidirectional gated recurrent unit (BiGRU) was proposed. The SMOTE-Tomek algorithm was used to balance the data set, the feature importance algorithm based on mean decrease impurity was used to realize feature selection, the CNN and BiGRU models were used for feature fusion, and an attention mechanism was introduced for feature extraction, so as to improve the overall detection performance of the model. The intrusion detection data set CSE-CIC-IDS2018 was used for multi-classification experiments, and the model was compared with the classical single deep learning models. The experimental results showed that, firstly, in terms of data set balance, after being processed by the SMOTE-Tomek algorithm, the recognition accuracy of the DoS attacks-Slow HTTP Test class was improved from 0 to 34.66%, that of the SQL Injection class was improved from 0 to 100%, and the DDoS attack-LOIC-UDP, Brute Force-Web and Brute Force-XSS classes were improved by 5.22 percentage points, 6.55 percentage points and 35.71 percentage points respectively. It was proved that the balanced data set improved the recognition accuracy of minority classes significantly compared with the unprocessed data set. Secondly, in terms of the overall detection performance of the model, in the comparison of multi-classification experiments, the overall classification accuracy, recall and F1 value of the model in this study were higher than those of several other single neural network models. The overall evaluation accuracy of each attack traffic category was about 2.10 percentage points higher than that of the highest LSTM model. The recall rate of the overall evaluation was about 1.50 percentage points higher than that of the highest LSTM model. Compared with the highest GRU model, the overall F1 value increased by about 1.97 percentage points. It was proved that the model had better detection effect.
Last Update: 2022-05-02