
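Intrusion detection model based on hybrid convolutional neural network and recurrent neural network
Cite this article: FANG Yuan, LI Ming, WANG Ping, JIANG Xinghe, ZHANG Xinming. Intrusion detection model based on hybrid convolutional neural network and recurrent neural network[J]. Journal of Computer Applications, 2018, 38(10): 2903-2907. DOI: 10.11772/j.issn.1001-9081.2018030710
Authors: FANG Yuan  LI Ming  WANG Ping  JIANG Xinghe  ZHANG Xinming
Affiliation: 1. Division of Information Communication, State Grid Anhui Electric Power Company Limited, Hefei 230061; 2. School of Computer Science and Technology, University of Science and Technology of China, Hefei 230027
Funding: National Key Research and Development Program of China (017YFC0804402).
Abstract: To address advanced persistent threats in power information networks, an intrusion detection model based on a hybrid convolutional neural network (CNN) and recurrent neural network (RNN) is proposed. The model classifies the current network state according to the statistical features of network traffic. First, the statistical values of network traffic are obtained from log files and preprocessed with feature encoding and normalization. Then, variable convolution kernels in a deep convolutional neural network extract the spatial correlation features between the intrusion traffic of different hosts. Finally, the processed data containing spatial correlation features are staggered in time, and a deep recurrent neural network mines the temporal correlation features of the intrusion traffic. Experimental results show that, compared with traditional machine learning models, the model improves the area under the curve (AUC) by 7.5% to 14.0% and reduces the false positive rate by 83.7% to 52.7%. The proposed model can accurately identify the category of network traffic and substantially reduce the false positive rate.

Keywords: advanced persistent threat  network traffic  convolutional neural network  recurrent neural network
Received: 2018-04-08
Revised: 2018-06-04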

Intrusion detection model based on hybrid convolutional neural network and recurrent neural network
FANG Yuan,LI Ming,WANG Ping,JIANG Xinghe,ZHANG Xinming. Intrusion detection model based on hybrid convolutional neural network and recurrent neural network[J]. Journal of Computer Applications, 2018, 38(10): 2903-2907. DOI: 10.11772/j.issn.1001-9081.2018030710
Authors: FANG Yuan  LI Ming  WANG Ping  JIANG Xinghe  ZHANG Xinming
Affiliation: 1. Division of Information Communication, State Grid Anhui Electric Power Company Limited, Hefei Anhui 230061, China; 2. School of Computer Science and Technology, University of Science and Technology of China, Hefei Anhui 230027, China
Abstract: Aiming at the problem of advanced persistent threats in power information networks, a hybrid Convolutional Neural Network (CNN) and Recurrent Neural Network (RNN) intrusion detection model was proposed, by which current network states were classified according to various statistical characteristics of network traffic. Firstly, preprocessing such as feature encoding and normalization was performed on the network traffic obtained from log files. Secondly, spatial correlation features between different hosts' intrusion traffic were extracted by using deformable convolution kernels in the CNN. Finally, the processed data containing spatial correlation features were staggered in time, and the temporal correlation features of the intrusion traffic were mined by the RNN. The experimental results showed that the Area Under Curve (AUC) of the model was increased by 7.5% to 14.0% compared to traditional machine learning models, and the false positive rate was reduced by 83.7% to 52.7%. This indicates that the proposed model can accurately identify the type of network traffic and significantly reduce the false positive rate.
Keywords: advanced persistent threat   network traffic   convolutional neural network   recurrent neural network