基于深度学习的入侵检测模型综述

随着深度学习技术的不断深入发展,基于深度学习的入侵检测模型已成为网络安全领域的研究热点.对网络入侵检测中常用的数据预处理操作进行了总结;重点对卷积神经网络、长短期记忆网络、自编码器和生成式对抗网络等当前流行的基于深度学习的入侵检测模型进行了分析和比较;并简单说明了基于深度学习的入侵检测模型研究中常用的数据集;指出了现有...     

基于膨胀卷积和门控循环单元组合的入侵检测模型

基于机器学习的入侵检测模型在网络环境的安全保护中起着至关重要的作用。针对现有的网络入侵检测模型不能够对网络入侵数据特征进行充分学习的问题,将深度学习理论应用于入侵检测,提出了一种具有自动特征提取功能的深度网络模型。在该模型中,使用膨胀卷积来增大对信息的感受野并从中提取高级特征,使用门控循环单元（GRU）模型提取保留特征之间的长期依赖关系,再利用深层神经网络（DNN）对数据特征进行充分学习。与经典的机器学习分类器相比,该模型具有较高的检测率。在著名的KDD CUP99、NSL-KDD和UNSW-NB15数据集上进行的实验表明,该模型具有由于其他分类器的性能。具体来说,该模型在KDD CUP99数据集上的准确率为99.78%,在NSL-KDD数据集上的准确率为99.53%,在UNSW-NB15数据集上的准确率为93.12%。     

使用GNN与RNN实现用户行为分析

随着国家高性能计算环境(CNGrid)各个节点产生日志数量不断增加,采用传统的人工方式进行用户行为分析已不能满足日常的分析需求。近年来,深度学习在入侵检测、图像识别、自然语言处理和恶意软件检测等与计算机科学相关的关键任务中取得了良好的效果。演示了如何将深度学习模型应用于用户行为分析。为此,在CNGrid中对用户行为进行分类,提取大量绑定到会话的用户操作序列,然后将这些序列放入抽象的深度学习模型中。提出了一种基于图神经网络(GNN)和循环神经网络(RNN)的深度学习模型来预测用户行为。图神经网络能够捕捉用户局部行为的隐藏状态,可以作为预处理步骤。循环神经网络能够捕捉时间序列的信息。因此,通过将GNN和RNN相结合的方式来构建该模型,以获得两者的优点。为了验证模型的有效性,在CNGrid的真实用户行为数据集上进行了实验,并在实验中与多种不同的其他方法进行对比。实验结果证明了这种新的深度学习模型的有效性。     

基于混沌PSO算法优化RBF网络入侵检测模型

针对网络安全中异常入侵检测,给出了一种构建最优神经网络入侵模型的方法。采用混沌扰动改进粒子群优化算法,优化径向基函数RBF神经网络入侵模型。把网络特征子集和RBF神经网络参数编码成一个粒子,通过粒子间的信息交流与协作快速找到全局最优粒子极值。在KDD Cup 99数据集进行仿真实验,实验数据表明,建立了一种检测率高、速度快的网络入侵检测模型。     

基于改进的动态神经网络的网络入侵检测模型

提出了一种改进型的动态神经网络，并成功地将其应用于网络入侵检测系统中。对于给定的全连接的动态神经网络，在通过学习以后可以成为部分连接的神经网络系统，从而降低了计算的成本。针对目前常见的4种不同类型的网络攻击行为（即DoS，Probe，R2L，和U2R），利用给定的改进型的动态神经网络分别构建相对应的检测系统。然后使用改进的遗传算法对给定的动态神经网络的权值和开关参数进行调节，以适应不同类型的入侵检测。最后利用KDD’99网络入侵检测数据对所提出的网络入侵检测模型进行训练和测试，初步试验结果表明，所提出的入侵检测系统具有较高的检测率。     

Deep Forest-Based Fall Detection in Internet of Medical Things Environment

This article introduces a new medical internet of things (IoT) framework for intelligent fall detection system of senior people based on our proposed deep forest model. The cascade multi-layer structure of deep forest classifier allows to generate new features at each level with minimal hyperparameters compared to deep neural networks. Moreover, the optimal number of the deep forest layers is automatically estimated based on the early stopping criteria of validation accuracy value at each generated layer. The suggested forest classifier was successfully tested and evaluated using a public SmartFall dataset, which is acquired from three-axis accelerometer in a smartwatch. It includes 92781 training samples and 91025 testing samples with two labeled classes, namely non-fall and fall. Classification results of our deep forest classifier demonstrated a superior performance with the best accuracy score of 98.0% compared to three machine learning models, i.e., K-nearest neighbors, decision trees and traditional random forest, and two deep learning models, which are dense neural networks and convolutional neural networks. By considering security and privacy aspects in the future work, our proposed medical IoT framework for fall detection of old people is valid for real-time healthcare application deployment.     

基于异卷积神经网络的入侵检测

网络已经深入人们生产生活的各领域。然而,由于存在大量的非法入侵行为,网络所面临的安全问题也越来越严峻。因此,检测入侵以保障网络安全是一个亟待解决的问题。针对此,本文提出一种基于异卷积神经网络的入侵检测方法,采用深度学习的卷积神经网络模型完成对入侵数据的特征提取,然后根据2种不同结构的卷积神经网络训练数据,从而得到最优模型,用以判断网络入侵。最后,使用KDD 99数据进行对比实验,验证本文方法的准确性和精确性。     

一种基于深度CNN的入侵检测算法

入侵检测是检测和预防可能对基于网络的计算机系统进行攻击和入侵作出反应的技术。提出一种基于深度卷积神经网络的入侵检测的算法,在卷积神经网络基础上引入Inception模型和残差网络,采用深度学习技术,如Relu、Dropout、Softmax。提高模型的收敛速度,使得训练的模型的泛化能力更强,增加网络的宽度和深度,提升网络对尺度的适应性。使用KDD Cup 99数据对该算法进行验证,实验表明,该网络模型与GoogleNet和Lenet-5相比具有更高的准确率和检测率,准确率能够达到94.37%,误报率仅2.14%,提高了入侵检测识别的分类准确性。     

A comprehensive survey on optimizing deep learning models by metaheuristics

Deep neural networks (DNNs), which are extensions of artificial neural networks, can learn higher levels of feature hierarchy established by lower level features by transforming the raw feature space to another complex feature space. Although deep networks are successful in a wide range of problems in different fields, there are some issues affecting their overall performance such as selecting appropriate values for model parameters, deciding the optimal architecture and feature representation and determining optimal weight and bias values. Recently, metaheuristic algorithms have been proposed to automate these tasks. This survey gives brief information about common basic DNN architectures including convolutional neural networks, unsupervised pre-trained models, recurrent neural networks and recursive neural networks. We formulate the optimization problems in DNN design such as architecture optimization, hyper-parameter optimization, training and feature representation level optimization. The encoding schemes used in metaheuristics to represent the network architectures are categorized. The evolutionary and selection operators, and also speed-up methods are summarized, and the main approaches to validate the results of networks designed by metaheuristics are provided. Moreover, we group the studies on the metaheuristics for deep neural networks based on the problem type considered and present the datasets mostly used in the studies for the readers. We discuss about the pros and cons of utilizing metaheuristics in deep learning field and give some future directions for connecting the metaheuristics and deep learning. To the best of our knowledge, this is the most comprehensive survey about metaheuristics used in deep learning field.

     

A deep learning approach to the classification of 3D CAD models简

Model classification is essential to the management and reuse of 3D CAD models. Manual model classification is laborious and error prone. At the same time, the automatic classification methods are scarce due to the intrinsic complexity of 3D CAD models. In this paper, we propose an automatic 3D CAD model classification approach based on deep neural networks. According to prior knowledge of the CAD domain, features are selected and extracted from 3D CAD models first, and then pre-processed as high dimensional input vectors for category recognition. By analogy with the thinking process of engineers, a deep neural network classifier for 3D CAD models is constructed with the aid of deep learning techniques. To obtain an optimal solution, multiple strategies are appropriately chosen and applied in the training phase, which makes our classifier achieve better per-formance. We demonstrate the efficiency and effectiveness of our approach through experiments on 3D CAD model datasets.     

基于多分类支持向量机的入侵检测方法

网络入侵检测所处理的数据由多类攻击数据和正常数据构成，基于此对多分类支持向量机在网络入侵检测中的应用进行了研究，采用一对一方法构造了多分类支持向量机分类器，用KDD99入侵检测数据对所提出的多分类支持向量机分类器进行了测试评估，将实验结果和BP神经网络方法进行了比较。实验表明提出的方法是可行的、高效的。     

Multi-level hybrid support vector machine and extreme learning machine based on modified K-means for intrusion detection system

Intrusion detection has become essential to network security because of the increasing connectivity between computers. Several intrusion detection systems have been developed to protect networks using different statistical methods and machine learning techniques. This study aims to design a model that deals with real intrusion detection problems in data analysis and classify network data into normal and abnormal behaviors. This study proposes a multi-level hybrid intrusion detection model that uses support vector machine and extreme learning machine to improve the efficiency of detecting known and unknown attacks. A modified K-means algorithm is also proposed to build a high-quality training dataset that contributes significantly to improving the performance of classifiers. The modified K-means is used to build new small training datasets representing the entire original training dataset, significantly reduce the training time of classifiers, and improve the performance of intrusion detection system. The popular KDD Cup 1999 dataset is used to evaluate the proposed model. Compared with other methods based on the same dataset, the proposed model shows high efficiency in attack detection, and its accuracy (95.75%) is the best performance thus far.     

基于MPSO的BP网络及其在入侵检测中的应用

提出一种基于变异粒子群优化(MPSO)的BP网络学习算法,该算法用PSO算法替代了传统BP算法,且在学习过程中,引入变异操作,克服传统BP算法易陷入局部极小和PSO算法早熟的不足。并把该算法应用于入侵检测中,通过KDD99 CUP数据集分别对基于不同算法的BP神经网络进行了仿真实验比较,结果表明,该算法的收敛速度快,迭代次数较少,而且测试平均准确率高达96.5%。     

多层极限学习机在入侵检测中的应用

针对神经网络在入侵检测应用存在的维度高、数据大、获取标记样本难、特征构造难、训练难等问题,提出了一种基于深度多层极限学习机(ML-ELM)的入侵检测方法。首先,采用多层网络结构和深度学习方法抽取检测样本最高层次的抽象特征,用奇异值对入侵检测数据进行特征表达;然后,利用极限学习机(ELM)建立入侵检测数据的分类模型;其次,利用逐层的无监督学习方法解决入侵检测获取标记样本难的问题;最后采用KDD99数据集对该方法的性能进行了验证。实验结果表明:多层极限学习机的方法提高了检测正确率,检测漏报率也低至0.48%,检测速度比其他深度模型的检测方法提高了6倍以上。同时在极少标记样本的情况下仍有85%以上的正确率。通过多层网络结构的构建提高了对U2L、R2L这两类攻击的检测率。该方法集成深度学习和无监督学习的优点,能对高维度,大数据的网络记录用较少的参数得到更好的表达,在入侵检测的检测速度以及特征表达两个方面都具有优势。     

A deep semantic framework for multimodal representation learning

Multimodal representation learning has gained increasing importance in various real-world multimedia applications. Most previous approaches focused on exploring inter-modal correlation by learning a common or intermediate space in a conventional way, e.g. Canonical Correlation Analysis (CCA). These works neglected the exploration of fusing multiple modalities at higher semantic level. In this paper, inspired by the success of deep networks in multimedia computing, we propose a novel unified deep neural framework for multimodal representation learning. To capture the high-level semantic correlations across modalities, we adopted deep learning feature as image representation and topic feature as text representation respectively. In joint model learning, a 5-layer neural network is designed and enforced with a supervised pre-training in the first 3 layers for intra-modal regularization. The extensive experiments on benchmark Wikipedia and MIR Flickr 25K datasets show that our approach achieves state-of-the-art results compare to both shallow and deep models in multimodal and cross-modal retrieval.     

基于卷积神经网络的电网工控系统入侵检测算法

传统的电网工控系统主要通过防火墙等工具, 与外部网络进行隔离, 但是随着云计算、物联网等新技术的应用, 网络之间互联程度不断深入, 安全防护难度大大提高, 如何有效检测出网络入侵行为变得至关重要. 与传统入侵检测技术相比, 卷积神经网络具有更好的提取入侵特征的能力. 本文提出一种基于卷积神经网络的电网工控系统入侵检测算法, 使用经过处理的KDD99数据集进行模型训练, 并添加级联卷积层优化网络结构. 在参数规模不大的前提下, 保证了模型运行的实时性要求. 本文算法相对于传统SVM算法和K-means算法, 提高了入侵检测的准确率, 降低了误检率, 可以有效检测出对于电网工控系统的入侵行为.     

基于深度序列加权核极限学习的入侵检测算法

针对海量多源异构且数据分布不平衡的网络入侵检测问题以及传统深度学习算法无法根据实时入侵情况在线更新其输出权重的问题,提出了一种基于深度序列加权核极限学习的入侵检测算法（DBN-WOS-KELM算法）。该算法先使用深度信念网络DBN对历史数据进行学习,完成对原始数据的特征提取和数据降维,再利用加权序列核极限学习机进行监督学习完成入侵识别,结合了深度信念网络提取抽象特征的能力以及核极限学习机的快速学习能力。最后在部分KDD99数据集上进行了仿真实验,实验结果表明DBN-WOS-KELM算法提高了对小样本攻击的识别率,并且能够根据实际情况在线更新输出权重,训练效率更高。     

基于聚类簇结构特性的自适应综合采样法在入侵检测中的应用

基于机器学习的网络入侵检测方法将恶意网络行为(入侵)检测转化为模式识别(分类)问题,因其适应性强、灵敏度高等优点,受到国内外广泛关注.然而,现有的模式分类器往往假设数据集的分布是均衡的,而真实的网络环境中,入侵行为要远少于正常访问,这给网络入侵行为检测带来巨大挑战.因此,提出一种基于聚类簇结构特性的综合采样法(CSbADASYN),通过挖掘少数类样本的内部结构对其进行自适应过采样,以获得样本分布结构特性保持的均衡数据样本,解决因数据不均衡带来的分类偏向.CSbADASYN先采用谱聚类方法对数据集中的少数类样本进行聚类分析,再根据所获得的聚类簇结构自适应插值,将获得样本分布结构保持的均衡样本用于分类器模型学习.在经典的NSL-KDD和KDD99数据集上进行大量的验证性和对比性实验,结果表明,CSbADASYN 能使传统分类器模型在不均衡数据集上的分类性能得到明显提升.与传统的未经样本均衡处理和其他的带均衡处理的入侵检测方法相比,该方法能获得更低的误报率和漏报率.     

GMDH-based networks for intelligent intrusion detection

Network intrusion detection has been an area of rapid advancement in recent times. Similar advances in the field of intelligent computing have led to the introduction of several classification techniques for accurately identifying and differentiating network traffic into normal and anomalous. Group Method for Data Handling (GMDH) is one such supervised inductive learning approach for the synthesis of neural network models. Through this paper, we propose a GMDH-based technique for classifying network traffic into normal and anomalous. Two variants of the technique, namely, Monolithic and Ensemble-based, were tested on the KDD-99 dataset. The dataset was preprocessed and all features were ranked based on three feature ranking techniques, namely, Information Gain, Gain Ratio, and GMDH by itself. The results obtained proved that the proposed intrusion detection scheme yields high attack detection rates, nearly 98%, when compared with other intelligent classification techniques for network intrusion detection.