Computer Science ›› 2021, Vol. 48 ›› Issue (11A): 592-596. doi: 10.11896/jsjkx.201100170

• Information Security •

Network Intrusion Detection System Based on Multi-model Ensemble

MA Lin, WANG Yun-xiao, ZHAO Li-na, HAN Xing-wang, NI Jin-chao, ZHANG Jie

  1. Information and Telecommunication Company, State Grid Shandong Electric Power Company, Jinan 250000, China
  • Online: 2021-11-10 Published: 2021-11-12
  • Corresponding author: WANG Yun-xiao (996207306@qq.com)
  • About author: MA Lin, born in 1991, postgraduate, intermediate engineer. Her main research interests include network and information security.
    WANG Yun-xiao, born in 1991, postgraduate, intermediate engineer. His main research interests include network and information security.
  • Supported by:
    Project of State Grid Shandong Electric Power Company (520627190059).

Abstract: Network intrusion detection systems (NIDS) are widely used in building network security, where they effectively identify behavior that may endanger the network. To address the limitations of single-model network intrusion detection systems and obtain more accurate and efficient detection results, a network intrusion detection system based on multi-model ensemble is proposed. The system uses the Bagging algorithm to integrate three models, Linear Support Vector Machines (Linear SVM), Residual Networks (ResNets) and Temporal Convolutional Network (TCN), to detect network intrusions. The experimental intrusion detection data consist of 99 809 network log records from working equipment of State Grid Shandong Electric Power Company, together with AWID as the public dataset, and the system is compared with Linear SVM, ResNets and TCN each used on its own. The experimental results show that the multi-model ensemble algorithm combines the strengths of each model, raising overall accuracy to a maximum of 99.24%, 7.95% higher than TCN. In addition to its very high accuracy, the system has a missed-alarm rate as low as 0.07%, which fits the requirements of a network security protection system well, and it achieves more accurate and efficient network intrusion detection.

Key words: Deep neural network, Intrusion detection, Multi-model ensemble, Network security protection

CLC Number:

  • TP393.0