
Network Traffic Anomaly Detection Model Based on Stacked Convolutional Attention
Cite this article: DONG Weiyu, LI Haitao, WANG Ruimin, REN Huajuan, SUN Xuekai. Network Traffic Anomaly Detection Model Based on Stacked Convolutional Attention[J]. Computer Engineering, 2022, 48(9): 12-19. DOI: 10.19678/j.issn.1000-3428.0063443
Authors: DONG Weiyu, LI Haitao, WANG Ruimin, REN Huajuan, SUN Xuekai
Affiliation: 1. School of Cyberspace Security, Information Engineering University, Zhengzhou 450002, China; 2. School of Cyber Science and Engineering, Zhengzhou University, Zhengzhou 450001, China
Funding: National Key Research and Development Program of China (2018YFB0804500).
Abstract: Intrusion Detection Systems (IDS) play an important role in discovering network anomalies and attacks. However, a traditional IDS has a high false alarm rate and cannot accurately analyze and identify abnormal traffic. Deep learning technology is now widely used for network traffic anomaly detection, but it is difficult to effectively extract the important features from traffic data using only a simple Deep Neural Network (DNN) model. To address these problems, this study proposes a DNN network traffic anomaly detection model based on stacked convolutional attention. It stacks multiple attention modules connected by residual modules to increase the depth of the network model, and introduces a Convolutional Neural Network (CNN), a pooling layer, a batch normalization layer, and an activation function layer into the attention module to prevent overfitting and improve the performance of the model. Finally, the output vector is obtained in the DNN model. The NSL-KDD dataset is used to evaluate the proposed model. The dataset is preprocessed to generate binary features, and then multi-class and binary classification are used to test the effect of network traffic anomaly detection. In comparison with machine learning models such as KNN and SVM and deep learning models such as ANN and AlertNet, the experimental results show that the accuracy, precision, and F1 score of the proposed model are better than those of the comparison models. In the multi-class classification task, the recognition accuracy is 0.807 6, which is 0.034 0~0.097 5 higher than that of the comparison models; in the binary classification task, the accuracy and F1 score are 0.860 0 and 0.863 8, respectively, which are 0.013 0~0.098 8 and 0.030 6~0.112 8 higher than those of the comparison models.

Keywords: network traffic anomaly detection; Intrusion Detection System (IDS); Deep Neural Network (DNN); stacked convolutional attention; binary feature
Received: 2021-12-03
Revised: 2022-01-29
This article has been indexed by Wanfang Data and other databases.