Computer Science ›› 2024, Vol. 51 ›› Issue (11A): 231100106-9. doi: 10.11896/jsjkx.231100106

• Information Security •

Study on Malicious Traffic Classification Algorithm Based on CNN Combined with BiGRU

YANG Yongping1, WANG Siting2

  1. School of Information Technology, Beijing Normal University, Zhuhai, Zhuhai, Guangdong 519087, China
  2. National Key Laboratory of Mobile Security, Beijing University of Posts and Telecommunications, Beijing 100876, China
  • Online: 2024-11-16 Published: 2024-11-13
  • Corresponding author: YANG Yongping (yangyongping@bnu.edu.cn)
  • About author: YANG Yongping, born in 1980, master, lecturer. His main research interests include network security and machine learning.
  • Supported by:
    Project of Department of Education of Guangdong Province (2020KTSCX175) and Beijing Normal University Zhuhai Campus Teaching and Research Project (202041).

Abstract: Network intrusion detection is an important network security technology, and malicious traffic recognition and classification is its basis. In the current network environment, port-based detection, deep packet inspection, and machine learning detection built on feature engineering have either failed or are not easy to implement for traffic identification and classification. This paper proposes CNNBiGRU, a malicious traffic recognition and classification model that combines a convolutional neural network with the gated recurrent unit, a simplified, improved recurrent neural network model. CNNBiGRU uses the convolutional neural network (CNN) to extract the structural and spatial features of network flows and the bidirectional gated recurrent unit (BiGRU) to extract sequence features, which matches the fact that network flows have both spatial structure and sequence characteristics. Testing, model optimization and parameter selection are performed on the public CIC-IDS2017 dataset. The experimental results show that the proposed algorithm has certain advantages in classification effect over classical machine learning algorithms and requires no feature engineering, and that it also achieves better recognition than single neural network algorithms. Compared with fusion neural network algorithms, it maintains the same high detection result and has a slight advantage in the number of learning iterations under the same accuracy target, giving higher learning efficiency.

Key words: Malicious traffic classification, Deep learning, Convolutional neural network, Bidirectional gated recurrent unit

CLC Number: TP391