Computer Science, 2021, Vol. 48, Issue (3): 327-332. doi: 10.11896/jsjkx.200600025

Section: Information Security

Intrusion Detection Method Based on Borderline-SMOTE and Double Attention

LIU Quan-ming, LI Yin-nan, GUO Ting, LI Yan-wei

  1. School of Computer and Information Technology, Shanxi University, Taiyuan 030006, China
  • Received: 2020-06-03 Revised: 2020-10-04 Online: 2021-03-15 Published: 2021-03-05
  • Corresponding author: LIU Quan-ming (liuqm@sxu.edu.cn)
  • About author: LIU Quan-ming, born in 1973, senior engineer, associate professor. His main research interests include network industry analysis and cloud security.
  • Supported by:
    National Natural Science Foundation of China (61673295) and Shanxi Provincial International Science and Technology Cooperation Key R&D Program Project (201903D421050).

Abstract: As the Internet develops, the network environment grows more complex and the resulting network security problems keep emerging, so protecting network security has become an important research topic. To address the imbalance of traffic data collected in real network environments and the inaccurate feature representations extracted by traditional machine learning methods, this paper proposes an intrusion detection method based on Borderline-SMOTE and dual attention. First, the method applies Borderline-SMOTE oversampling to the intrusion data to solve the data imbalance problem and, to exploit the strength of convolutional networks in image feature extraction, converts the one-dimensional traffic data into grayscale images. Then a dual attention network updates the low-dimensional features along the channel dimension and the spatial dimension respectively to obtain a more accurate feature representation. Finally, a Softmax classifier classifies and predicts the traffic data. The simulation experiments of the proposed method were verified on the NSL-KDD data set, where its accuracy reaches 99.24%, higher than that of other commonly used methods.

Key words: Borderline-SMOTE, Double Attention, Intrusion detection, Network security, Unbalanced problems

CLC Number: TP181
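The first two stages named in the abstract (Borderline-SMOTE oversampling, then turning each one-dimensional record into a grayscale image) can be sketched as follows. This is an added example, not the authors' code: it uses the Borderline-SMOTE1 variant, and the neighbour counts `m` and `k`, the min-max scaling, the zero-padded square layout and the data itself are assumptions constructed for illustration.

```python
import numpy as np

def borderline_smote(X, y, minority, n_new, m=5, k=3, seed=0):
    """Borderline-SMOTE1: synthesize only from minority points in DANGER."""
    rng = np.random.default_rng(seed)
    X, y = np.asarray(X, dtype=float), np.asarray(y)
    min_idx = np.flatnonzero(y == minority)
    danger = []
    for i in min_idx:
        d = np.linalg.norm(X - X[i], axis=1)
        d[i] = np.inf                          # a point is not its own neighbour
        n_major = int(np.sum(y[np.argsort(d)[:m]] != minority))
        if m / 2 <= n_major < m:               # n_major == m is treated as noise
            danger.append(int(i))
    X_min, synth = X[min_idx], []
    for j in range(n_new if danger else 0):
        p = X[danger[j % len(danger)]]         # cycle through borderline seeds
        order = np.argsort(np.linalg.norm(X_min - p, axis=1))
        q = X_min[rng.choice(order[1:k + 1])]  # one of k nearest minority points
        synth.append(p + rng.random() * (q - p))
    return np.array(synth, dtype=float).reshape(len(synth), X.shape[1]), danger

def to_gray_image(v, lo, hi):
    """Min-max scale a 1D record to 0..255 and zero-pad it to a square image."""
    v = np.asarray(v, dtype=float)
    span = np.where(hi > lo, hi - lo, 1.0)     # constant features map to 0
    pixels = np.round(np.clip((v - lo) / span, 0, 1) * 255).astype(np.uint8)
    side = int(np.ceil(np.sqrt(v.size)))
    img = np.zeros(side * side, dtype=np.uint8)
    img[:v.size] = pixels
    return img.reshape(side, side)

def demo():
    # Constructed data: every record is t * u, so distance depends only on t.
    u = np.linspace(0.1, 1.0, 10)
    t_major = np.arange(20.0)                                      # normal traffic
    t_minor = np.array([5.5, 19.4, 20.2, 30, 30.5, 31, 31.5, 32])  # rare attack
    X = np.concatenate([t_major, t_minor])[:, None] * u
    y = np.array([0] * 20 + [1] * 8)
    synth, danger = borderline_smote(X, y, minority=1, n_new=12)
    lo, hi = X.min(axis=0), X.max(axis=0)      # scale with training-set ranges
    images = [to_gray_image(s, lo, hi) for s in synth]
    return X, synth, danger, images

if __name__ == "__main__":
    X, synth, danger, images = demo()
    print("borderline seeds:", danger, "| synthetic:", synth.shape)
    print(images[0])
```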