CCF NCCA 2020 Special Issue

Network Intrusion Detection Based on GRU and Feature Embedding

  • No. 30 Research Institute, China Electronics Technology Corporation, Chengdu 610041, Sichuan, China

Received date: 2020-08-21

Online published: 2021-08-04

Funding

Supported by the Sichuan Province Major Science and Technology Project Fund (No.2017GZDZX0002)

Abstract

Existing neural-network-based intrusion detection methods do not take data classification information into account and cannot make effective use of the temporal information in network traffic data. In this paper, we propose network intrusion detection models that combine the gated recurrent unit (GRU) with a feature embedding technique based on categorical information. Simulation experiments on the models are carried out with UNSW-NB15, a comprehensive network traffic dataset. Experimental results show that the proposed models not only improve the detection rate of intrusion attacks, but also provide a new approach to processing large-scale data in intrusion detection.

Cite this article

Yan Liang, Ji Shaopei, Liu Dong, Xie Jianwu. Network Intrusion Detection Based on GRU and Feature Embedding[J]. Journal of Applied Sciences, 2021, 39(4): 559-568. DOI: 10.3969/j.issn.0255-8297.2021.04.004
