Computer Science, 2021, Vol. 48, Issue (9): 345-351. doi: 10.11896/jsjkx.200500059

• Information Security •

Intrusion Detection Method Based on Denoising Autoencoder and Three-way Decisions

ZHANG Shi-peng, LI Yong-zhong

  1. School of Computer, Jiangsu University of Science and Technology, Zhenjiang, Jiangsu 212003, China
  • Received: 2020-05-14 Revised: 2020-08-21 Online: 2021-09-15 Published: 2021-09-10
  • Corresponding author: LI Yong-zhong (liyongzhong61@163.com)
  • Author e-mail: 1099682749@qq.com
  • About author: ZHANG Shi-peng, born in 1994, postgraduate. His main research interests include computer network security and machine learning.
    LI Yong-zhong, born in 1961, M.S., professor, M.S. supervisor. His main research interests include computer network security and information security, intelligent information processing, and application of embedded systems.
  • Supported by:
    National Natural Science Foundation of China (61471182), Postgraduate Research & Practice Innovation Program of Jiangsu Province (KYCX20_3163) and Natural Science Foundation of the Jiangsu Higher Education Institutions of China (15KJD52004)

Abstract: Intrusion detection plays a vital role in computer network security. It is one of the key technologies of network security and needs to be kept under constant attention. As the network environment becomes more and more complex, network intrusion behaviors gradually show diversified and intelligent characteristics, and network intrusion is becoming more difficult to detect. Research in the field of network security is likewise an endless study. For these reasons, people are worried about the feasibility and sustainability of current methods: specifically, it is difficult for current intrusion detection methods to perfectly abstract the features contained in intrusion behaviors, and most current intrusion detection methods perform poorly on unknown attacks. In response to these problems, we propose DAE-3WD, an intrusion detection method based on a denoising autoencoder and three-way decisions. We hope that our method can effectively promote the research on intrusion detection. The proposed method extracts features from high-dimensional data through a denoising autoencoder. Through multiple feature extractions, a multi-granular feature space is constructed. Based on three-way decisions, an immediate decision is then made for behavior that is intrusive or normal, while behavior that is only suspected to be intrusive or normal is analyzed further using features of different granularity. Deep learning has superior hierarchical feature learning ability, and three-way decisions can avoid the risk of blind classification due to insufficient information. The method uses these characteristics to improve the performance of intrusion detection. The NSL-KDD data set is used in our experiments. The experiments prove that the proposed method can extract meaningful features and effectively improve the performance of intrusion detection.

Key words: Autoencoder, Feature extraction, Intrusion detection, Network security, Three-way decisions
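
The decide-now-or-defer step described in the abstract, as an added Python example; it is not the authors' code. Assumptions: the thresholds come from a constructed loss table via the standard decision-theoretic rough set formulas, the three scorers are constructed stand-ins for classifiers trained on denoising-autoencoder features of increasing granularity, and the records use NSL-KDD field names with constructed values.

```python
# Added example: sequential three-way decision over multi-granular scores.
# Loss values, scorers and records below are constructed assumptions.

def thresholds(cost):
    """(alpha, beta) minimising expected loss, decision-theoretic rough sets.
    cost[action, truth]: action P=flag, B=defer, N=pass; truth P=intrusion, N=normal."""
    a = cost["P", "N"] - cost["B", "N"]   # extra loss of flagging normal traffic
    b = cost["B", "P"] - cost["P", "P"]   # extra loss of deferring an intrusion
    c = cost["B", "N"] - cost["N", "N"]   # extra loss of deferring normal traffic
    d = cost["N", "P"] - cost["B", "P"]   # extra loss of passing an intrusion
    alpha, beta = a / (a + b), c / (c + d)
    if not beta < alpha:
        raise ValueError("loss table does not yield a deferral region")
    return alpha, beta

def sequential_3wd(record, scorers, alpha, beta, final_cut=0.5):
    """Walk scorers from coarse to fine; return (label, level that decided)."""
    if not scorers:
        raise ValueError("need at least one scorer")
    for level, score in enumerate(scorers, start=1):
        p = score(record)                 # estimated P(intrusion) at this level
        if p >= alpha:
            return "intrusion", level     # enough evidence: decide immediately
        if p <= beta:
            return "normal", level
    # Still in the boundary region at the finest level: forced two-way decision.
    return ("intrusion" if p >= final_cut else "normal"), len(scorers)

# Constructed loss table: a missed intrusion (N,P) costs more than a false alarm (P,N).
COST = {("P", "P"): 0, ("N", "N"): 0, ("P", "N"): 4, ("N", "P"): 6,
        ("B", "P"): 2, ("B", "N"): 1}

# Stand-ins for classifiers on autoencoder codes, coarse to fine.
SCORERS = [
    lambda r: r["serror_rate"],
    lambda r: 0.5 * r["serror_rate"] + 0.5 * r["dst_host_serror_rate"],
    lambda r: (r["serror_rate"] + r["dst_host_serror_rate"] + 1 - r["same_srv_rate"]) / 3,
]

def classify(record):
    alpha, beta = thresholds(COST)
    return sequential_3wd(record, SCORERS, alpha, beta)

if __name__ == "__main__":
    borderline = {"serror_rate": 0.4, "dst_host_serror_rate": 0.9, "same_srv_rate": 0.2}
    print(classify(borderline))
```

The returned level shows how far down the granularity hierarchy a record had to travel before a decision was made, which is a useful number to track when tuning the loss table.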

CLC Number: TP309