Citation: LIANG Y H, LIU Y. Intrusion detection method based on improved ConvLSTM[J]. Microelectronics & Computer, 2024, 41(5): 88-98. doi: 10.19304/J.ISSN1000-7180.2023.0278

Intrusion detection method based on improved ConvLSTM

Abstract: To address the weak generalization ability of network intrusion detection models, an intrusion detection method based on a Weight-Dropped Convolutional LSTM (WD-ConvLSTM) and a Wasserstein Generative Adversarial Network with Gradient Penalty (WGAN-GP) is proposed. For data processing, the network traffic data are normalized and converted to numeric form, and Principal Component Analysis (PCA) is then used to reduce their dimensionality. For feature extraction, the proposed WD-ConvLSTM mines the deep spatial features of the high-dimensional data. Finally, the extracted spatial features are fed into the softmax function to produce the classification results. To alleviate the overfitting caused by the imbalanced dataset, WGAN-GP is used to oversample the rare classes by generating attack samples, which further enhances the generalization ability of the model. The proposed method is evaluated on the NSL-KDD dataset, and the results show that it performs better in accuracy and F1 score than both traditional machine learning methods such as random forest, support vector machine and Bayes, and deep learning methods such as stacked denoising autoencoder and multi-scale convolutional neural network.
