Computer Science (计算机科学) ›› 2019, Vol. 46 ›› Issue (11A): 473-476.

• Information Security •

Study on Intrusion Detection Based on PCA-LSTM

GAO Zhong-shi1, SU Yang1,2, LIU Yu-dong1

  1. Key Laboratory for Network and Information Security of Chinese Armed Police Force, Engineering University of PAP, Xi'an 710086, China;
  2. College of Cryptographic Engineering, Engineering University of PAP, Xi'an 710086, China
  • Online: 2019-11-10  Published: 2019-11-20
  • Corresponding author: SU Yang (born 1975), male, Ph.D., professor, CCF senior member; main research interests: network attack and defense, trusted computing. E-mail: 15114894304@163.com.
  • Author profile: GAO Zhong-shi (born 1989), male, M.S., main research interest: network security.
  • Funding: This work was supported by the National Natural Science Foundation of China (61103231).

Abstract: Concealed attacks such as exploits, generic attacks, SQL injection and APTs are doing increasing damage, and shallow machine learning no longer detects these hidden forms of attack well. This paper designs an intrusion detection model based on a long short-term memory (LSTM) network optimized with principal component analysis (PCA). The main principle is to remove the noise information in the sample data through PCA and then to learn with the memory function and the strong sequence-learning ability of the LSTM network. The UNSW-NB15 data set established by the Australian Centre for Cyber Security is used for the experiments, in which the model is analysed by adjusting the key parameters (time-steps, learning rate and activation function). The results show that the model achieves higher accuracy than traditional models.

Key words: Accuracy, Intrusion detection, Long short-term memory, Principal component analysis, UNSW-NB15

CLC number: TP309
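The two preprocessing stages the abstract describes (PCA to strip low-variance noise directions from flow features, then slicing the reduced rows into time-step windows for the LSTM) as an added pure-Python illustration; this is not the authors' code, the flow rows are constructed rather than taken from UNSW-NB15, and the LSTM itself and the parameter tuning are not shown.

```python
"""Added illustration of PCA noise removal followed by time-step windowing, the two
preprocessing stages of the PCA-LSTM pipeline. Pure Python; sample rows are constructed."""
import math
import random

def _mean_center(X):
    mu = [sum(col) / len(X) for col in zip(*X)]
    return [[x - m for x, m in zip(r, mu)] for r in X]

def _covariance(Xc):
    d = len(Xc[0])
    return [[sum(r[i] * r[j] for r in Xc) / (len(Xc) - 1) for j in range(d)] for i in range(d)]

def leading_eigpairs(C, k, iters=500):
    """Top-k (unit eigenvector, eigenvalue) pairs of a symmetric PSD matrix: power iteration + deflation."""
    d, pairs = len(C), []
    for _ in range(k):
        v = [1.0 / math.sqrt(d)] * d
        for _ in range(iters):
            w = [sum(c * x for c, x in zip(row, v)) for row in C]
            lam = math.sqrt(sum(x * x for x in w))  # ||Cv|| tends to the eigenvalue
            v = [x / lam for x in w] if lam else v  # lam == 0: no variance left
        pairs.append((v, lam))
        # Deflate: remove the found axis so the next pass converges to the next-largest one.
        C = [[C[i][j] - lam * v[i] * v[j] for j in range(d)] for i in range(d)]
    return pairs

def explained_variance_ratio(X, k):
    """Share of total variance kept by the k leading axes (the rest is what PCA discards)."""
    C = _covariance(_mean_center(X))
    return sum(lam for _, lam in leading_eigpairs(C, k)) / sum(C[i][i] for i in range(len(C)))

def pca_reduce(X, k):
    """Project centred rows onto the k principal axes; dropped directions are treated as noise."""
    Xc = _mean_center(X)
    axes = [v for v, _ in leading_eigpairs(_covariance(Xc), k)]
    return [[sum(x * a for x, a in zip(r, ax)) for ax in axes] for r in Xc]

def to_time_steps(Z, time_steps):
    """Overlapping windows: the (samples, time_steps, features) tensor an LSTM consumes."""
    return [Z[i:i + time_steps] for i in range(len(Z) - time_steps + 1)]

def constructed_flows(n=64, seed=7):
    """Constructed stand-in for numeric UNSW-NB15 columns: two latent factors drive six features."""
    rng = random.Random(seed)
    rows = []
    for _ in range(n):
        a, b = rng.gauss(0, 1), rng.gauss(0, 1)  # two latent "traffic shape" factors
        rows.append([s + 0.01 * rng.gauss(0, 1) for s in (a, 2 * a - b, b, a + b, 0.5 * b - a, 0.3 * a)])
    return rows
```

With the constructed rows two components keep well over 99% of the variance, so the remaining four axes are the "noise" the paper's PCA stage removes before the windows reach the LSTM.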