Computer Science ›› 2019, Vol. 46 ›› Issue (11A): 473-476.
GAO Zhong-shi1, SU Yang1,2, LIU Yu-dong1
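Abstract: Stealthy attacks such as exploits, generic attacks, SQL injection and APT are causing increasingly serious harm, and shallow machine learning can no longer detect these stealthy attack forms well. This paper designs an intrusion detection model based on a long short-term memory (LSTM) network optimized by principal component analysis (PCA). The main principle of the model is to remove noise from the sample data through PCA and then to learn from the data using the memory function and strong sequence-learning ability of the LSTM network. Experiments use the UNSW-NB15 dataset built by the Australian Centre for Cyber Security. The model is analyzed by tuning key parameters (time step, learning rate and activation function), and the results show that it achieves higher accuracy than traditional models.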
[1] LI Qi-ye, XING Hong-jie. KPCA Based Novelty Detection Method Using Maximum Correntropy Criterion. Computer Science, 2022, 49(8): 267-272. https://doi.org/10.11896/jsjkx.210700175
[2] WANG Xin-tong, WANG Xuan, SUN Zhi-xin. Network Traffic Anomaly Detection Method Based on Multi-scale Memory Residual Network. Computer Science, 2022, 49(8): 314-322. https://doi.org/10.11896/jsjkx.220200011
[3] JIN Fang-yan, WANG Xiu-li. Implicit Causality Extraction of Financial Events Integrating RACNN and BiLSTM. Computer Science, 2022, 49(7): 179-186. https://doi.org/10.11896/jsjkx.210500190
[4] ZHOU Zhi-hao, CHEN Lei, WU Xiang, QIU Dong-liang, LIANG Guang-sheng, ZENG Fan-qiao. SMOTE-SDSAE-SVM Based Vehicle CAN Bus Intrusion Detection Algorithm. Computer Science, 2022, 49(6A): 562-570. https://doi.org/10.11896/jsjkx.210700106
[5] CAO Yang-chen, ZHU Guo-sheng, SUN Wen-he, WU Shan-chao. Study on Key Technologies of Unknown Network Attack Identification. Computer Science, 2022, 49(6A): 581-587. https://doi.org/10.11896/jsjkx.210400044
[6] WANG Shan, XU Chu-yi, SHI Chun-xiang, ZHANG Ying. Study on Cloud Classification Method of Satellite Cloud Images Based on CNN-LSTM. Computer Science, 2022, 49(6A): 675-679. https://doi.org/10.11896/jsjkx.210300177
[7] QUE Hua-kun, FENG Xiao-feng, LIU Pan-long, GUO Wen-chong, LI Jian, ZENG Wei-liang, FAN Jing-min. Application of Grassberger Entropy Random Forest to Power-stealing Behavior Detection. Computer Science, 2022, 49(6A): 790-794. https://doi.org/10.11896/jsjkx.210800032
[8] WEI Hui, CHEN Ze-mao, ZHANG Li-qiang. Anomaly Detection Framework of System Call Trace Based on Sequence and Frequency Patterns. Computer Science, 2022, 49(6): 350-355. https://doi.org/10.11896/jsjkx.210500031
[9] PAN Zhi-hao, ZENG Bi, LIAO Wen-xiong, WEI Peng-fei, WEN Song. Interactive Attention Graph Convolutional Networks for Aspect-based Sentiment Classification. Computer Science, 2022, 49(3): 294-300. https://doi.org/10.11896/jsjkx.210100180
[10] DING Feng, SUN Xiao. Negative-emotion Opinion Target Extraction Based on Attention and BiLSTM-CRF. Computer Science, 2022, 49(2): 223-230. https://doi.org/10.11896/jsjkx.210100046
[11] ZHANG Shi-peng, LI Yong-zhong. Intrusion Detection Method Based on Denoising Autoencoder and Three-way Decisions. Computer Science, 2021, 48(9): 345-351. https://doi.org/10.11896/jsjkx.200500059
[12] WU Shan-jie, WANG Xin. Prediction of Tectonic Coal Thickness Based on AGA-DBSCAN Optimized RBF Neural Networks. Computer Science, 2021, 48(7): 308-315. https://doi.org/10.11896/jsjkx.200800110
[13] LI Bei-bei, SONG Jia-rui, DU Qing-yun, HE Jun-jiang. DRL-IDS: Deep Reinforcement Learning Based Intrusion Detection System for Industrial Internet of Things. Computer Science, 2021, 48(7): 47-54. https://doi.org/10.11896/jsjkx.210400021
[14] CHENG Xi, CAO Xiao-mei. SQL Injection Attack Detection Method Based on Information Carrying. Computer Science, 2021, 48(7): 70-76. https://doi.org/10.11896/jsjkx.200600010
[15] CAO Yang-chen, ZHU Guo-sheng, QI Xiao-yun, ZOU Jie. Research on Intrusion Detection Classification Based on Random Forest. Computer Science, 2021, 48(6A): 459-463. https://doi.org/10.11896/jsjkx.200600161