Computer Science ›› 2024, Vol. 51 ›› Issue (11A): 231000033-6. doi: 10.11896/jsjkx.231000033

• Information Security •

Study on Open Set Based Intrusion Detection Method

WANG Chundong, ZHANG Jiakai

  1. School of Computer Science and Engineering, Tianjin University of Technology, Tianjin 300384, China
  • Online: 2024-11-16 Published: 2024-11-13
  • Corresponding author: WANG Chundong (michael3769@163.com)
  • About author: WANG Chundong, born in 1969, Ph.D, professor, is a senior member of CCF (No.16230M). His main research interests include network information security, mobile intelligent terminal security, public opinion analysis and control, Internet of Things security and security situation awareness.
  • Supported by:
    Joint Funds of the National Natural Science Foundation of China (U1536122) and Tianjin Committee of Science and Technology Major Project, China (15ZXDSGX00030).

Abstract: Intrusion detection is an important task in network security, which aims to detect anomalous behaviors and potential attacks. In recent years, deep learning methods have made great breakthroughs in intrusion detection tasks. However, with the rapid development of the Internet industry, new types of attacks keep emerging, and when a deep learning method meets a new category at test time it tends to output one of the known categories with high confidence, so unknown attacks go unrecognized. To address this, this paper proposes an open set identification method based on uncertainty modeling: MC-Dropout is applied to deep learning classifiers to capture uncertainty and thus obtain high-quality prediction probabilities. This open set identification method can not only classify known categories but also discriminate unknown categories. Validated on the CICIDS2017 dataset, the proposed method achieves detection of unknown categories, is advanced to a certain degree compared with other existing methods, achieves the best performance on all metrics compared with the benchmark model, and can be effectively applied to real-world network environments.

Key words: Intrusion detection, Open set identification, Deep learning, MC-Dropout

CLC Number:

  • TP393
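
The mechanism the abstract describes, as an added illustration that is not the authors' code: dropout stays active at inference, many stochastic passes are averaged, and a flow whose averaged prediction is too uncertain is reported as unknown instead of being forced into a known class. The two-feature toy network with hand-set weights, the class names, the predictive-entropy score and the 0.35 threshold are all assumptions; the abstract does not state which uncertainty measure or threshold the paper uses.

```python
import math
import random

# Constructed toy classifier (hand-set weights, NOT trained on CICIDS2017):
# four hidden units respond to feature 0 and vote "benign",
# four hidden units respond to feature 1 and vote "dos".
CLASSES = ["benign", "dos"]
GAIN = 2.0        # weight of every hidden unit (assumed)
UNITS = 4         # hidden units per class
P_DROP = 0.3      # dropout rate, kept active at inference time
THRESHOLD = 0.35  # entropy cut-off in nats (assumed; tune on validation data)


def softmax(logits):
    m = max(logits)
    exps = [math.exp(z - m) for z in logits]
    s = sum(exps)
    return [e / s for e in exps]


def forward(x, rng=None):
    """One forward pass; rng=None is ordinary deterministic inference."""
    logits = []
    for feature in x:
        total = 0.0
        for _ in range(UNITS):
            h = max(0.0, GAIN * feature)  # ReLU hidden unit
            if rng is not None:           # inverted dropout on this unit
                h = 0.0 if rng.random() < P_DROP else h / (1.0 - P_DROP)
            total += h
        logits.append(total)
    return softmax(logits)


def entropy(probs):
    return -sum(p * math.log(p) for p in probs if p > 0.0)


def mc_dropout_predict(x, passes=200, seed=0):
    """Average stochastic passes; reject as unknown when entropy is high."""
    rng = random.Random(seed)
    runs = [forward(x, rng) for _ in range(passes)]
    mean = [sum(r[c] for r in runs) / passes for c in range(len(CLASSES))]
    h = entropy(mean)
    label = "unknown" if h > THRESHOLD else CLASSES[mean.index(max(mean))]
    return label, mean, h
```

For the constructed flow `(3.0, 2.5)`, `forward` without dropout assigns over 98% to "benign", while `mc_dropout_predict` returns "unknown" because the individual passes disagree.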